Rozak
Rozak
Type File virus
Creator Nijamormoazazel
Date Discovered 18-FEB-2002
Place of Origin Józefów, Poland
Source Language Microsoft Visual C++
Platform MS Windows
File Type(s) .exe
Infection Length 28,672 bytes
Reported Costs
RozakError.png

Rozak also known as Kaczor, is a high level language overwriting [[[virus]] (HLLO) for 32-bit Windows systems. When executed, it checks for the presence of the file neh.dll, which contains an exact copy of the virus. If it is not found, it will display a message letting the user know the file is missing, "Brak biblioteki: neh.dll" (missing library: neh.dll). If it does find the file, makes another copy of itself with the name neh.dll. Rozak displays two messages, one after the other. The first says "Kwa! Co chcialoby sie uruchomic program? X Nic z tego. Kaczor mowi: ZAGRAJ W SETTLERS IV!!!!!" (Quack! What would the program like to run? X Nothing. Duck says: PLAY SETTLERS IV!!!!!). The second says, mostly in English, "Kwa! Kwa! WIN_KACZOR by Nijamormoazazel Józefów POLSKA And what Symantec? BloodHound doesn't work?" It searches drives C, D, E, and F for files with the extensions .exe, .mpg, .mpg4, .zip, .doc, .rar, .avi and .mp3. It overwrites these files upon finding them. Overwritten files are not recoverable and the system may not work after the virus is executed.

Messages displayed by the virus indicate it is from Poland, and it even names the town of Józefów, about 15 kilometers/10 miles southeast of Warsaw. Its author, Nijamormoazazel has not produced any works, at least under that name, before or since Rozak. The author intended to name the virus "Kaczor", which means drake or male duck in Polish. There was already a DOS virus named Kaczor from 1996.

Sources

RozakCredits.png
RozakMessage.png

Kaoru Hayashi. Symantec Security Response W32.HLLO.Rozak. 15-APR-2002

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License