W32.Tosep


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Hard
Platform: W32
Discovered: 14 Mar 2003
Damage:

Characteristics: W32.Tosep is an encrypted Win32 virus that infects Windows Portable Executable (PE) files that have the .exe extension and are located in the same folder as the virus.

More details about W32.Tosep

Once W32.Tosep is executed, it takes control of the system. The virus looks for PE files that have the .exe extension in the folder where it resides. PE files are portable across all 32-bit Microsoft operating systems: the same PE-format executable can run on any version of Windows 2000, Windows NT, Windows 98, and Windows 95. As a result, all PE files are executable, but not all executable files are portable. A good example of a PE file is a screen saver file, which has the .scr extension. The virus infects each file only once. W32.Tosep searches for the string “FU**”.

The virus looks for the string “FU**” at offset 58H of the PE header to see whether the found file has already been infected. If the file has not been infected, the virus adds its encrypted body to it. Infected files have an additional section named “CODE2”, which has a length of 4,096 bytes. W32.Tosep then changes the host's entry point to point to its viral body and adds its own infection marker to the PE header. The infection marker is the string “FU**”.
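
A defender-side check for the on-disk traits described above (the 4,096-byte “CODE2” section, an entry point moved into it, and a 4-byte marker at offset 58H), written as an added example that is not part of the original write-up. It assumes offset 58H is counted from the PE signature (which lands on the PE32 CheckSum field), that the section length may be either the virtual or the raw size, and that the viral body sits in CODE2; the marker is censored on this page, so it is a caller-supplied parameter and the constructed sample uses the placeholder `TEST`.

```python
import struct

MARKER_OFFSET = 0x58     # assumed to be counted from "PE\0\0" (PE32 CheckSum field)
SECTION_NAME = b"CODE2"  # section name given on the page
SECTION_LEN = 4096       # section length given on the page

def tosep_indicators(data, marker):
    """Check PE bytes for the traits described above; None if not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if len(data) < pe + MARKER_OFFSET + 4 or data[pe:pe + 4] != b"PE\0\0":
        return None
    nsec, = struct.unpack_from("<H", data, pe + 6)          # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)     # SizeOfOptionalHeader
    entry, = struct.unpack_from("<I", data, pe + 24 + 16)   # AddressOfEntryPoint
    found = {"marker": data[pe + MARKER_OFFSET:pe + MARKER_OFFSET + 4] == marker,
             "code2_section": False, "entry_in_code2": False}
    table = pe + 24 + opt_size
    for off in range(table, table + 40 * nsec, 40):
        if off + 40 > len(data):
            break                                           # truncated section table
        name, vsize, vaddr, rsize = struct.unpack_from("<8sIII", data, off)
        if name.rstrip(b"\0") == SECTION_NAME and SECTION_LEN in (vsize, rsize):
            found["code2_section"] = True
            # Assumption: the viral body, and so the new entry point, is in CODE2.
            found["entry_in_code2"] = vaddr <= entry < vaddr + max(vsize, rsize)
    return found

def build_sample(infected, marker=b"TEST"):
    """Constructed header-only PE32 image for testing; not a real sample."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 16, 0x3000 if infected else 0x1000)  # entry point
    secs = [(b".text", 0x2000, 0x1000)]
    if infected:
        opt[64:68] = marker                                 # offset 58H from "PE\0\0"
        secs.append((SECTION_NAME, SECTION_LEN, 0x3000))
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, len(opt), 0x102)
    table = b"".join(struct.pack("<8sIII", n, size, va, size) + bytes(20)
                     for n, size, va in secs)
    return b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0" + coff + bytes(opt) + table

if __name__ == "__main__":
    print(tosep_indicators(build_sample(True), b"TEST"))
    print(tosep_indicators(build_sample(False), b"TEST"))
```

Because offset 58H under this reading is the CheckSum field, a hit on the marker alone is weak evidence; the section name, its length and the entry-point location together make a stronger match.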