Selected viruses, spyware, and other threats: sorted alphabetically
Win95/Lorez is a resident virus able of spreading in the environment of operating system Windows 9x/ME. It attacks the files of PE (Portable executable) type, and the system file kernel32.dll.
Note: In following text a symbolic inscription %windir% is used instead of the name of directory in which Windows operating system is installed. Of course, this may differ from installation to installation.
After it is activated Win95/Lorez copies the file kernel32.dll from system directory of Windows (typically from C:\WINDOWS\SYSTEM\ into the directory %windir%. The virus attacks this copy of system file kernel32.dll so that it redirects the operation of the function GetFileAttributesA to itself .
Attacking the system file kernel32.dll the virus assures its activation after restarting the operation system. The virus attacks all executable files with the extension EXE having format PE. Except attacking the files the virus has no other function.
At the end of the virus code there are following text strings.
[LoRez] v1 by Virogen [NoP]\KERNEL32.dll
© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.