Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
Infects WIN PE 64-bit files.
W64/Rugrat.3344 is a file infector, attacking only 64-bit Windows platforms. It is the first infector that infects 64-bit Windows executable files.
The virus uses Win64 APIs on 3 different libraries:
From NTDLL.DLL file, it uses the following functions:
SfcIsFileProtected() Function from SFC_OS.DLL file is used to hide the infection action on executables, protected by System File Checker (SFC).
The following 16 functions are used from KERNEL32.DLL, to enable a standard infection of IA64 Portable Image:
The virus contain the following strings, which are never displayed:
Shrug - roy g biv
The file infection is a standard routine. But it can run only on clean 64-bit files.
Description inserted by Crony Walker on Tuesday, June 15, 2004