Proactive IT Security
W32/FunLove.4099
Threat risk
Threat risk low
|
Detection files published:
11 Nov 1999 |
Description created:
2001-08-16 |
Description updated:
2001-11-12 |
|
Alias:
|
Spreading mechanism
File Infection, Network | |
|
Payload:
| ||
Summary
This is a virus that infects Windows executable (*.EXE, *.SCR and *.OCX) files on both Win9x/Me and WinNT/2000. When run, it will install a file called FLCSS.EXE in the windows system directory (e.g. C:\WINDOWS\SYSTEM or C:\WINNT\SYSTEM32).Under WinNT this file is running as a system process service and infects files on local disks and will also spread itself to shared network drives. Under Win9x it runs as a hidden program not visible in the task list.
If it is run on an NT administrator account on NT 4.0, it will attempt to patch the files NTOSKRNL.EXE and NTLDR in such a way that NT's admin privileges are given to all that asks for it.
Removal
General information about removal of malicious software
Norman's antivirus products are in general able to remove all malicious software that is detected.
Some malware, however, uses techniques that the general product does not remove sufficiantly. We have therefore developed the free product Norman Malware Cleaner. Please use the latest version of this program from the link below - if your Norman antivirus is unable to clean-up the infection.
| Usage | Title | Comment |
|---|---|---|
| Stopping network share infectors | ||
| Cleaning of back-up folders on Windows Me and XP |
