Threat Encyclopedia

Win95/Lorez

Win95/Lorez is a resident virus that spreads under the Windows 9x/ME operating systems. It infects files in PE (Portable Executable) format and the system file kernel32.dll.

Note: In the following text, %windir% stands for the directory in which the Windows operating system is installed. Its actual name may differ from installation to installation.

After it is activated, Win95/Lorez copies the file kernel32.dll from the Windows system directory (typically C:\WINDOWS\SYSTEM\) into the directory %windir%. The virus infects this copy of kernel32.dll so that the function GetFileAttributesA is redirected to the virus itself.

By infecting the system file kernel32.dll, the virus ensures that it is activated after the operating system is restarted. The virus infects all executable files with the EXE extension that are in PE format. Apart from infecting files, the virus has no other function.

The following text strings appear at the end of the virus code:

[LoRez] v1 by Virogen [NoP]\KERNEL32.dll
GetTickCount
GetWindowsDirectoryA
SetFileAttributesA
CreateFileA
SetFilePointer
ReadFile
WriteFile
CloseHandle
GetSystemDirectoryA
CopyFileA
GetFileTime
SetFileTime
ExitProcess
GetFileAttributesA
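The two indicators described above (a copy of kernel32.dll placed directly in %windir%, and the marker string in the virus code) can be checked on a mounted disk image with a short triage script. This is an added example, not Eset's detection logic; the function names and the idea of scanning a mounted image are assumptions, and the marker is the first text string listed above.

```python
import hashlib
from pathlib import Path

# Text string quoted in this entry; used here as a simple content marker.
MARKER = b"[LoRez] v1 by Virogen [NoP]"

def _find(directory, name):
    """Case-insensitive lookup of a file directly inside one directory."""
    for p in Path(directory).iterdir():
        if p.is_file() and p.name.lower() == name.lower():
            return p
    return None

def _sha256(data):
    return hashlib.sha256(data).hexdigest()

def check_kernel32_copy(windir, sysdir):
    """Report a kernel32.dll sitting directly in windir and compare it
    with the copy in the system directory."""
    stray = _find(windir, "kernel32.dll")
    if stray is None:
        return {"stray_copy": None, "differs_from_system": False,
                "has_marker": False}
    data = stray.read_bytes()
    original = _find(sysdir, "kernel32.dll")
    # A missing system copy is reported as a difference so it gets reviewed.
    differs = (original is None
               or _sha256(original.read_bytes()) != _sha256(data))
    return {"stray_copy": str(stray), "differs_from_system": differs,
            "has_marker": MARKER in data}

def scan_pe_files(root):
    """Return EXE files under root that start with 'MZ' and contain MARKER."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() == ".exe":
            data = p.read_bytes()
            if data[:2] == b"MZ" and MARKER in data:
                hits.append(str(p))
    return sorted(hits)
```

A marker match is only a triage hint: a variant with altered strings would not match, while the stray, differing kernel32.dll check does not depend on the strings.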

 

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.