W95/Lorez.1766
Analysis
- Virus included in the Fortinet Virus Update of February 12, 2003
Firmware 2.27 AV definition 3.066
Firmware 2.30 AV definition 4.043
Firmware 2.36 AV definition 4.043
- The virus is 32-bit and targets .EXE files on the Windows 95/98/Me platform
- When run, the virus copies the existing “KERNEL32.DLL” from the Windows\System folder and writes an infected “KERNEL32.DLL” into the Windows folder – the virus code is appended to this file
- When Windows is restarted, EXE files that are executed or accessed become infected because the infected KERNEL32.DLL file is loaded into memory
- Some files may become corrupted during infection
- The virus contains the string “[LoRez] v1 by Virogen [NoP]” in its code
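
The two indicators described above (a KERNEL32.DLL sitting directly in the Windows folder, and the embedded string) can be checked on a mounted disk image with a short triage script. This is an added example, not Fortinet's detection logic; it assumes the string is stored unencoded on disk, and the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# String the page reports inside the virus code; assumed here to be stored unencoded on disk.
MARKER = b"[LoRez] v1 by Virogen [NoP]"

def contains_marker(path, chunk=1 << 16):
    """Stream a file and report whether MARKER occurs, even across chunk boundaries."""
    tail = b""
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            if MARKER in tail + block:
                return True
            tail = (tail + block)[-(len(MARKER) - 1):]
    return False

def triage(windir):
    """Return sorted (finding, relative_path) pairs for a mounted Windows 95/98/Me folder."""
    findings = set()
    for root, _dirs, files in os.walk(windir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, windir)
            lower = name.lower()
            # The clean KERNEL32.DLL lives in Windows\System; a copy directly in the
            # Windows folder is the dropped file the page describes.
            if lower == "kernel32.dll" and root == windir:
                findings.add(("kernel32_in_windows_folder", rel))
            if lower.endswith((".exe", ".dll")) and contains_marker(path):
                findings.add(("lorez_marker", rel))
    return sorted(findings)

def build_constructed_sample():
    """Create a constructed directory tree (no real malware) that mimics the layout."""
    windir = tempfile.mkdtemp(prefix="win9x_")
    os.mkdir(os.path.join(windir, "SYSTEM"))
    files = {
        os.path.join("SYSTEM", "KERNEL32.DLL"): b"MZ" + b"\x00" * 100,
        "KERNEL32.DLL": b"MZ" + b"\x00" * 100 + MARKER,
        "NOTEPAD.EXE": b"MZ" + b"\x00" * 70000,
        "CALC.EXE": b"MZ" + b"\x00" * 65530 + MARKER,  # marker straddles a chunk boundary
    }
    for rel, data in files.items():
        with open(os.path.join(windir, rel), "wb") as fh:
            fh.write(data)
    return windir

if __name__ == "__main__":
    for finding in triage(build_constructed_sample()):
        print(finding)
```

Run it against a read-only mount of the suspect disk rather than on the live system, since the page notes the infected KERNEL32.DLL is loaded into memory after restart.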