W95.Antic


Aliases: Win95.Antic.695, W32/Antic.695, W95/Antic.695
Variants: PE_ANTIC.695, W95/Antic-A, Win95.Antic

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 05 Mar 2002
Damage: Low

Characteristics: The W95.Antic program copies itself from the infected computer. This worm searches the compromised computer’s hard drive for e-mail addresses and then sends itself out as an e-mail attachment to infect more computers.

More details about W95.Antic

W95.Antic uses the victim’s Internet or network connection to send replicas of itself to other computers via e-mail. This worm is capable of spreading without any user interaction. Once W95.Antic has gained access to a computer, it replicates itself as an executable file and installs itself invisibly in the system directory. Aside from replicating itself, W95.Antic also performs other activities, including installing rootkits to hide some files and running processes from the user. Some of these files include a peer-to-peer client.

When the W95.Antic virus is executed, it attempts to copy itself into the system’s shared memory, hooks file-system open requests, and then transfers control to the original host program. Once W95.Antic has successfully installed itself in the machine’s memory, it infects all programs with .exe and .scr file extensions, regardless of whether the files are located on the local computer or on a remote share. Infected host files increase in size by between 695 bytes and 4,096 bytes, which is an indication that a file has been infected. Due to bugs, most files infected by this virus tend to crash.
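The size-growth indicator described above can be checked against a file baseline. The following is an added example, not part of the original write-up: the function names, the inclusive treatment of the 695 and 4,096 byte bounds, and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

INFECTABLE_EXTS = (".exe", ".scr")   # extensions the write-up says are infected
MIN_GROWTH, MAX_GROWTH = 695, 4096   # growth range from the write-up (inclusive: assumption)

def snapshot(root):
    """Map each .exe/.scr path under root to (size, sha256 hex digest)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(INFECTABLE_EXTS):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    data = fh.read()
                snap[path] = (len(data), hashlib.sha256(data).hexdigest())
    return snap

def compare(baseline, current):
    """Return (in_range, other_changed) lists of (path, growth) for modified files."""
    in_range, other_changed = [], []
    for path in sorted(current):
        if path not in baseline:
            continue  # new file: no earlier size to compare against
        (old_size, old_digest), (size, digest) = baseline[path], current[path]
        if digest == old_digest:
            continue  # content unchanged
        growth = size - old_size
        bucket = in_range if MIN_GROWTH <= growth <= MAX_GROWTH else other_changed
        bucket.append((path, growth))
    return in_range, other_changed

def demo():
    """Constructed sample: build files, take a baseline, append bytes, compare."""
    with tempfile.TemporaryDirectory() as root:
        for name, size in (("app.exe", 8192), ("saver.SCR", 4096),
                           ("tool.exe", 2048), ("notes.txt", 100)):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"\x00" * size)
        baseline = snapshot(root)
        # Simulated modifications; notes.txt is not an infectable type, tool.exe grows too much
        for name, extra in (("app.exe", 695), ("saver.SCR", 4096),
                            ("tool.exe", 10000), ("notes.txt", 695)):
            with open(os.path.join(root, name), "ab") as fh:
                fh.write(b"\x41" * extra)
        hits, other = compare(baseline, snapshot(root))
        strip = lambda rows: [(os.path.basename(p), g) for p, g in rows]
        return strip(hits), strip(other)

if __name__ == "__main__":
    print(demo())
```

Because the virus hooks file-open requests while resident, take the second snapshot from a clean boot environment or with the disk mounted on another machine.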