Rozak | |
---|---|
Type | File virus |
Creator | Nijamormoazazel |
Date Discovered | 18-FEB-2002 |
Place of Origin | Józefów, Poland |
Source Language | Microsoft Visual C++ |
Platform | MS Windows |
File Type(s) | .exe |
Infection Length | 28,672 bytes |
Reported Costs |
Rozak, also known as Kaczor, is a high-level language overwriting (HLLO) virus for 32-bit Windows systems. When executed, it checks for the presence of the file neh.dll, which contains an exact copy of the virus. If the file is not found, it displays a message telling the user that it is missing: "Brak biblioteki: neh.dll" (missing library: neh.dll). If it does find the file, it makes another copy of itself with the name neh.dll. Rozak displays two messages, one after the other. The first says "Kwa! Co chcialoby sie uruchomic program? X Nic z tego. Kaczor mowi: ZAGRAJ W SETTLERS IV!!!!!" (Quack! What would the program like to run? X Nothing. Duck says: PLAY SETTLERS IV!!!!!). The second says, mostly in English, "Kwa! Kwa! WIN_KACZOR by Nijamormoazazel Józefów POLSKA And what Symantec? BloodHound doesn't work?" It searches drives C, D, E, and F for files with the extensions .exe, .mpg, .mpg4, .zip, .doc, .rar, .avi and .mp3 and overwrites any it finds. Overwritten files are not recoverable, and the system may not work after the virus has run.
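A triage sketch for the behaviour described above, added here as an example and not taken from the Symantec write-up: it flags files named neh.dll, data files with the targeted extensions that begin with an executable MZ header, and files whose size matches the 28,672-byte infection length. The size check assumes an overwritten file ends up exactly as long as the virus body, which the page does not state; the function names and every file in `demo()` are constructed.

```python
import os
import tempfile

INFECTION_LENGTH = 28672          # "Infection Length" from the infobox
DATA_EXTS = {".mpg", ".mpg4", ".zip", ".doc", ".rar", ".avi", ".mp3"}
DROP_NAME = "neh.dll"             # name of the virus copy in the description

def classify(path):
    """Return the reasons a file matches the behaviour described on the page."""
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        is_mz = fh.read(2) == b"MZ"   # DOS/PE executable magic
    reasons = []
    if name == DROP_NAME:
        reasons.append("named neh.dll")
    if ext in DATA_EXTS and is_mz:
        reasons.append("data extension but executable header")
    # Assumption: an overwritten file is exactly as long as the virus body.
    if is_mz and size == INFECTION_LENGTH and ext in DATA_EXTS | {".exe", ".dll"}:
        reasons.append("size equals infection length")
    return reasons

def scan(root):
    """Walk root and return {relative path: reasons} for every matching file."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            try:
                reasons = classify(full)
            except OSError:
                continue              # unreadable file: skip, keep scanning
            if reasons:
                hits[os.path.relpath(full, root)] = reasons
    return hits

def demo():
    """Build a constructed directory (placeholder bytes, no real sample) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        fake = b"MZ" + b"\x00" * (INFECTION_LENGTH - 2)
        samples = {"song.mp3": fake, "neh.dll": fake, "tool.exe": b"MZ" + b"\x00" * 100,
                   "notes.doc": b"\xd0\xcf\x11\xe0" + b"\x00" * 64, "clip.avi": b"RIFF" + b"\x00" * 64}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)
```

A hit is a lead for hashing and comparison against a vendor signature, not a verdict; on an affected machine `scan()` would be pointed at each of the drives the virus searches.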
Messages displayed by the virus indicate that it is from Poland, and it even names the town of Józefów, about 15 kilometers/10 miles southeast of Warsaw. Its author, Nijamormoazazel, has not produced any works, at least under that name, before or since Rozak. The author intended to name the virus "Kaczor", which means drake or male duck in Polish. There was already a DOS virus named Kaczor from 1996.
Sources
Kaoru Hayashi. Symantec Security Response W32.HLLO.Rozak. 15-APR-2002