W95/Infis.4608 |
Name: W95/Infis.4608
Aliases:Infis.4608, WinNT.Infis.4608
Type: Portable Executable Virus
Description:
W95/Infis.4608 is a memory-resident portable executable virus that replicates under Windows NT 4.0 with service pack 2 and higher. It does not affect systems running Windows 2000 or Windows 9x. This virus is the first to: behave as an NT device driver [designed to be part of the OS]; to hook file opens under NT; to stay memory resident; and to infect whenever a file is being opened. The virus code is buggy and may corrupt files on infection, indicated by the display of Windows NT application error message. The virus does not have a destructive payload.
W95/Infis.4608 infects portable executable files, with the exception of CMD.EXE. When an infected file is executed, the virus copies itself to the system, creating a file named INF.SYS in the \WINNT\SYSTEM32\DRIVERS subdirectory. In addition, the virus modifies the Windows Registry so that on reboot the virus will become memory-resident.
-
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\inf
Detection:
Command AntiVirus 4.57 and higher will detect and disinfect W95/Infis.4608 with deffiles dated 10/12/99. Command AntiVirus 4.54, 4.54 SP1 and 4.54 SP2 will detect infected .EXE files with deffiles dated 10/12/99, however the file C:\WINNT\SYSTEM32\DRIVERS\INF.SYS will not be detected.
| Virus Databases | Virus Links | ||
| Virus Research | Submitting a Virus |
Test Drives |
Year 2000 |
Site Map |
Customer Service |
Press Room |
Awards/ Reviews |
Global Resellers |
 |
Command Software Systems, Inc. 1061 East Indiantown Road · Suite 500 Jupiter · FL 33477 Phone: (561) 575-3200 |