W95.Evyl


Aliases: Win32.Evyl.a, Win32.Evyl.a, W32/Evyl.a.intd, W95.Evyl.Intended, W32/Evyl-A
Variants: Win32.Evyl.A, W32.Evyl.A, W32/Evyl.A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 25 Aug 1999
Damage: Low

Characteristics: The W95.Evyl program is a virus of the Windows that is written in the assembly language.

More details about W95.Evyl

The W95.Evyl is a virus that is fast infector but does not reside to the memory once this was executed. This virus only affects the Portable Executable file or the PE file. On the other hand, because of the bug in viral code the W95.Evyl will only duplicates under definite instances. The portable Executable files are the portable that are across all of the Microsoft having an operating system of 32 bit. The identical format of the Portable Executable can be performed on the Windows 95, windows 98, Windows Me, Windows NT, and Windows 2000 (any of these). As a result, all of the PE files are actually executable but not all of the files that are executables are portable. An instance of Portable Executable files is the screensaver file having .scr extension.

Once the W95.Evyl was executed, this virus will do a search on the Drives C, Drives D, and Drives E. When the virus searches a file, it will then check if the extension of the file is .exe. If this is true, then the virus will read the MZ header. This MZ header is present in the start of all of the files that are executable for Microsof OS (any of them). Then it checks the MZ’s first two bytes. If this is again done, it will do a final check to make it sure that the file is a Portable Executable file.