W95.Kenston


Aliases: Win32.Kenston.1895
Variants: W95/Kenston.1895, Win95/Kenston, Haha

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 01 Feb 1999
Damage: Low

Characteristics: The W95.Kenston program infects the PE files on Windows 9x. This virus is not a memory resident.

More details about W95.Kenston

Once the W95.Kenston was performed, it infects files and then decrypts itself. The virus will then search the memory of the computer for the function of the Kernel32.dll. Then the virus will search through all of the folders and also the subfolders located on the hard disk starting on the root. This virus will then adds itself to the last part of host file and infects the files that have only .exe extension. The files that are infected grow for about a size of 1895 bytes but their stamp date and time will not change. The W95.Kenston does not show any of the messages or generates any side effects that are malicious. While the W95.Kenston is performing, it will infect only a single file contained on that particular folder.

The Virus will mark a byte located in the header of the files that are infected so that in case it may not re infect them. When removing the virus, you must first update the virus definitions. After that, boot your computer from a boot disk that is clean. In booting your computer, shut down first the Windows. Turn off power and then wait until about 30 min. It is important to not pressing the reset button. Insert DOS boot disk then restart computer. Run your antivirus DOS scanner. Then repair all of the files that are discovered as the W95.Kenston.