W95.Orez


Aliases: Win32.Orez.6279, W32/Orez.6279, Win32.Orez.6279, W95/Orez, Win32/Orez.6279
Variants: PE_OREZ.6279, W32/Orez.6279, Win32.Orez.6279, CRYPT.WIN32

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 06 Aug 1999
Damage: Low

Characteristics: The W95.Orez virus is an entrypoint-obscuring, polymorphic, Windows virus. It has 2 different payloads.

More details about W95.Orez

The W95.Orez virus is an entrypoint-obscuring, polymorphic, Windows virus. It has 2 different payloads. When the virus is opened, the virus does any of the following, with a 50% possibility for each one of “It contaminates all executable or .exe files in the “\Windows folder” or “It contaminates all executable or .exe files that have Windows Start Menu shortcuts”.

When the virus opens and the day is 13th Friday, the virus will show an error message. The error message has the title "VirusInfo - Ready for infection," and it has what appears to be an error message from the maker of the virus. On 9th of October, the virus goes to an infinite loop, creating messages and threads until the PC crashes, w/out contaminating any files. The message is as follows: “Title: A kiss from” and “Message: A kiss from [name]”.