W95.HybrisF


Aliases: I-Worm.Hybris.dropper (Kaspersky Lab), W32/Hybris@MM (McAfee),   W95.HybrisF (Symantec),   Win98.Vecna.28672 (Doctor Web),   W32/Hybris-F (Sophos),  
Variants: Win32/Hybris.F, WORM_HYBRIS.DR1, Win32:Hybris-C, I-Worm/Hybris.Dropper, Win32.Hybris.A.Dropper 

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Fast
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Hard
Platform: W32
Discovered: 17 Nov 2000
Damage: Low

Characteristics: The W95.HybrisF program is one of the plug ins that are encrypted and also downloaded by the worm W95.Hybris.gen.

More details about W95.HybrisF

This program contaminates the Portable Executable or PE files. Only the Portable Executable files having long enough section of code will be the one infected by it. The infection of the virus plug-in packs the unusual code area and then overwrites it in case it will not totally fit in a same location. The antiheuristic infection method that is complicated is very hard to repair but it is not really impossible. Recently the SARC determines the plug-in as the W95.HybrisF.The portable Executable files are the portable that are across all of the Microsoft having an operating system of 32 bit. The identical format of the Portable Executable can be performed on the Windows 95, windows 98, Windows Me, Windows NT, and Windows 2000 (any of these).

As a result, all of the PE files are actually executable but not all of the files that are executables are portable. An instance of Portable Executable files is the screensaver file having .scr extension. When removing the virus, you must first update the virus definitions. After that, boot your computer from a boot disk that is clean. In booting your computer, shut down first the Windows. Turn off power and then wait until about 30 min. It is important to not pressing the reset button. Insert DOS boot disk then restart computer. Run your antivirus DOS scanner. Then repair all of the files that are discovered as the W95.HybrisF.