Bi.A, Biwili.A, Capzloq, ELF/BiWiLi.A, ELF_BI.A
PE_BI.B, Virus.Linux.Bi.a, Virus.LinuxBi.a, Virus.Win32.Bi.a, W32/Biwili.A
Category: Computer Virus
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
10 Apr 2006
The W32/Linux.Bi program is a file infector virus. It is a 1287 code segment that is either appended at the end or inserted before the beginning of the executable file it finds.
W32/Linux.Bi Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer virus removal tool to automatically clean W32/Linux.Bi from your computer.
More details about W32/Linux.Bi
W32/Linux.Bi is a parasitic virus that affects both Linux and Windows Operating System. It infects binary executable files of 4Kb to 4Mb in size. The W32/Linux.Bi virus is written in assembler and only infects files within its directory. This virus is created as a classic proof of concept code. It is designed to simply show that it is possible to create cross platform viruses, thus it does not cause any actual harm and destructive effects on infected computers. However, it may spread by simply launching an already infected file, and may be propagated by any typical means of transmission such as CD, floppy, thumb drives, and email. The W32/Linux.Bi virus is hard to recognize because it does not show any messages indicating that the virus has already reached the machine.
When the W32/Linux.Bi is active, it searches for binary executable files to infect in the current directory or folder where it is run from. Due to the virus presence, the size of the file that has been infected is increased. Also, the date and time of infected files is changed the moment the infection occurred. Infection of the W32/Linux.Bi virus is through manual execution of the executable file. The W32/Linux.Bi infects ELF (Executable Linking Format) and PE (Portable Executable) structure used by Linux and Windows platform. It infects by using INT 80 system calls and injects its body into the file.