PE_SMASH, Virus.Win9x.Smash.10262, Virus:Win32/Smash.10262, W32/Smash
W32/Smash.10262, W95/Smash, W95/Smash-10262, Win95/Smash
Category: Computer Virus
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
13 Feb 2007
The W95/Smash program is a memory resident polymorphic 32 bit Windows virus that infects files on Windows 9x systems.
W95.Smash Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer virus removal tool to automatically clean W95.Smash from your computer.
More details about W95.Smash
W95.Smash is a memory resident parasitic virus that infects files on Windows 9x systems. The virus uses Win9x specific functions and is not able to propagate under Windows NT. This virus affects PE EXE by appending itself to the end of the file. It pays no attention to the file name extension, and because of this, it infects PE file - executable files, SCR screen-savers, DLL libraries, etc. This virus has a very harmful payload process, it overwrites C:\IO.SYS file with a trojan code and shows a message, “Virus Warning! Your computer has been infected by virus. Virus name is 'SMASH', project D version 0x0A. Created and compiled by Domitor. Seems like your bad dream comes true...”
The virus utilizes a polymorphic engine, which hides virus code, by utilizing a loop mutating decryption. This virus as well utilizes a "blocks mixing" structure. The virus data and code are separated into about 60 blocks (infection, payload routines, installation, etc.). If the virus infects another file, it mixes these blocks randomly and links the files with a special table. And because of this, the structure of the virus is different in each file infected.