Virus

W95/Lorez.1766

Analysis

  • Virus included into Fortinet Virus Update February 12 2003
    Firmware 2.27 AV definition 3.066
    Firmware 2.30 AV definition 4.043
    Firmware 2.36 AV definition 4.043
  • Virus is 32bit and targets Windows 95/98/Me platform .EXE files
  • When run, virus will copy existing “KERNEL32.DLL” from Windows\System folder and writes an infectious file “KERNEL32.DLL” into the Windows folder – the virus code is appended to this file
  • When Windows is restarted, EXE files executed or accessed will become infected due to the infectious KERNEL32.DLL file being loaded into memory
  • Some files may become corrupted during infection
  • Virus contains the string “[LoRez] v1 by Virogen [NoP]” in its code