Aliases: W32/Dupator, Win95.Dupator.1503
Variants: PE_DUPATOR.1503, Mid/W95/Dupator

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 03 Nov 1999
Damage: Low

Characteristics: W95.Dupator.1503 adds itself to Windows Portable Executable (PE) files. It creates an infected copy of Kernel32.dll in the Windows folder.

More details about W95.Dupator.1503

The virus adds itself to the file Kernel32.dll in the Windows folder and points the exported function call GetFileAttributesA into the viral code. When the computer is restarted, the virus uses the infected Kernel32.dll to infect Windows Portable Executable files.

To remove the virus, first update the virus definitions. Then boot the computer from a clean boot disk: shut down Windows, turn off the power and wait about 30 min. It is important not to press the reset button. Insert the DOS boot disk and restart the computer. Run your antivirus DOS scanner, then repair all files that are detected as W95.Dupator.1503.

W95.Dupator.1503 has been known to infect variants of W32.Opaserv.Worm. Files infected with W95.Dupator.1503 that cannot be repaired should be deleted. Portable Executable (PE) files are portable across all 32-bit Microsoft operating systems. Files in the PE format are executable, but not all executable files are portable. A familiar example of a PE file is a screen saver file with the .scr extension. When a file infected with W95.Dupator.1503 is executed, it copies Kernel32.dll from the Windows folder to the System folder.
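
The export redirection described above can be checked for by reading a DLL's export table and seeing which section each exported address falls in. The following is an added example, not part of the original entry or of any vendor tool; the function names and the "export lies outside the section that holds most exports" heuristic are assumptions made for illustration.

```python
import struct
from collections import Counter

def parse_sections(pe):
    """Return (export_dir_rva, [(name, vaddr, span, raw_ptr), ...]) for a PE32 image."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24                                         # optional header
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("not a 32-bit (PE32) image")
    exp_rva = struct.unpack_from("<I", pe, opt + 96)[0]   # data directory 0
    secs = []
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8sIIII", pe, opt + opt_size + 40 * i)
        secs.append((name.rstrip(b"\0").decode("latin-1"), vaddr, max(vsize, rsize), rptr))
    return exp_rva, secs

def exports_by_section(pe):
    """Map each named export to the name of the section its address falls in."""
    exp_rva, secs = parse_sections(pe)
    def find(rva):
        for s in secs:
            if s[1] <= rva < s[1] + s[2]:
                return s
        raise ValueError("RVA 0x%x is outside every section" % rva)
    def off(rva):                                         # RVA -> file offset
        s = find(rva)
        return rva - s[1] + s[3]
    # NumberOfNames, AddressOfFunctions, AddressOfNames, AddressOfNameOrdinals
    n_names, funcs, names, ords = struct.unpack_from("<4I", pe, off(exp_rva) + 24)
    result = {}
    for i in range(n_names):
        name_rva = struct.unpack_from("<I", pe, off(names) + 4 * i)[0]
        start = off(name_rva)
        name = pe[start:pe.index(b"\0", start)].decode("latin-1")
        idx = struct.unpack_from("<H", pe, off(ords) + 2 * i)[0]
        func_rva = struct.unpack_from("<I", pe, off(funcs) + 4 * idx)[0]
        result[name] = find(func_rva)[0]
    return result

def redirected_exports(pe):
    """Assumed heuristic: list exports that resolve outside the section holding most exports."""
    where = exports_by_section(pe)
    if not where:
        return []
    home = Counter(where.values()).most_common(1)[0][0]
    return sorted(n for n, s in where.items() if s != home)
```

Pass the raw bytes of the DLL to `redirected_exports`. Forwarded exports, which point into the export directory itself, are listed as well, so treat the result as leads to compare against a known-good copy of the file.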