Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:05/08/2006
Type:File infector
In the wild:No
Reported Infections:Low
Distribution Potential:Medium to high
Damage Potential:Medium to high
Static file:No
File size:5.572 Bytes
IVDF version: - Saturday, August 5, 2006

 General Method of propagation:
   • Infects files

   •  Symantec: W32.Bolzano.5396
   •  Mcafee: 32/Bolzano.irc.dr
   •  Kaspersky: Virus.Win32.Bolzano.5396.a
   •  TrendMicro: PE_BOLZANO.IRC
   •  F-Secure: Win32.Bolzano.12296
   •  Sophos: W32/Bolzano
   •  Bitdefender: Win32.Bolzano.12296
   •  Microsoft: Win32/Bolzano.12296
   •  DrWeb: Win32.Bolzano

Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP

Side effects:
   • Infects files
   • Lowers security settings

 Files It modifies the following files:
   • %SYSDIR%\ntoskrnl.exe
As a result various security mechanisms are disabled.

   • c:\ntldr
As a result various security mechanisms are disabled.

 File infection Infector type:

Embedded - The virus inserts its code throughout the file (in one or more places).

Because of bugs in the virus it may happen that only some of the virus code be present in the infected sample and inhibit further replication.

EPO (Entry Point Obscuring) - The infected file's EP (Entry Point) remains the same. The virus patches the program code to redirect execution to the viral code.

Self Modification:

Polymorphic - The entire virus code changes from one infection to another. The virus contains a polymorphic engine.


This direct-action infector actively searches for files.

Ignores files that:

Are smaller than: 16.384 Bytes

The following files are infected:

By file type:
   • *.exe
   • *.scr

Description inserted by Razvan Olteanu on Tuesday, February 1, 2011
Description updated by Razvan Olteanu on Tuesday, February 1, 2011

Back . . . .