Linux.Peelf.2132, W32.Winux, Linux.Winux, W32/Lindose
Category: Computer Virus
Active & Spreading
Some parts of Asia, Europe, North and South America, Africa and Australia
27 Mar 2001
W32.Peelf.2132 was first discovered on March 27, 2001. Also known as Linux.Peelf.2132, W32.Winux, Linux.Winux, W32/Lindose, this proof-of-concept virus has the ability to execute on Microsoft Windows 95, 98, Me, NT, 2000 and has the ability to infect files on Linux systems.
W32.Peelf.2132 Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer virus removal tool to automatically clean W32.Peelf.2132 from your computer.
More details about W32.Peelf.2132
W32.Peelf.2132 infects Microsoft Windows PE files and Linux ELF files. This proof-of-concept virus has the ability to infect files from both Windows and Linux operating systems at the same time. This means, it has the ability to infect files on either or both systems. Knowing the file structure of both Windows and Linux using the infection code enables the virus the ability to infect files. Once the infected file is executed under Microsoft Windows operating system, the virus searches the current folder and all folders for PE and ELF files. Under Linux, the virus searches the current directory only when an infected file is executed. The virus has the tendency to write itself on PE file that has a relocation section. It also removed the reference to the relocations. If an ELF files is found, the virus produces a copy of those bytes to the end of the file and overwrites the code at the entry point with itself. The files size will not increase for PE file, but in ELF file, the size of the file will increase. All files that are infected contain two strings: Win32/Linux.Winux] multi-platform virus by Benny/29A and This GNU program is covered by GPL.
This virus is not a high risk threat since it does not have the ability to propagate itself and contains no payload. However, there is still a manual removal of this virus. For Windows, update the latest virus definitions. Run a full system scan then delete all files detected by W32.Peelf.2132. For Linux, restore the infected files from backup. Finally, restart the computer in Normal mode.