This is a non-memory-resident parasitic multipartite virus that is not dangerous. The virus is written in Assembler and has a size of about 2.5 Kb. It infects Windows PE files and Linux ELF files. It contains two parts: a Windows part and a Linux part.
The Windows part
It searches for all files in the current and upper directory and infects PE files and Linux ELF files (it checks the file type by file format). It infects both types and has two subroutines for each type (Windows version).
The Linux part
It searches for all files in the current directory and infects PE files and Linux ELF files (it checks the file type by file format). It infects both types and has two subroutines for each type (Linux version).
Infecting Windows PE files
The virus scans for the ".reloc" section. If this section is found, the virus writes itself to the middle of the file. It saves the original Entry Point address and restores the PE file after finishing its work.
Infecting Linux ELF files
The virus writes itself to the Entry Point of the file. It saves the original data at the end. It then saves the code from the Entry Point and restores the ELF file after finishing its work.
The virus contains the text strings:
[Win32/Linux.Winux] multi-platform virus by Benny/29A
This GNU program is covered by GPL.
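For triage, the following added example (not part of the original description) classifies a file by its header bytes rather than its name, reports whether a PE file has the ".reloc" section the description mentions, and checks for the two text strings quoted above. The function names and the constructed sample PE header are assumptions made for illustration.

```python
import struct
from pathlib import Path

# The two text strings this page quotes from the virus body.
MARKERS = (b"[Win32/Linux.Winux] multi-platform virus by Benny/29A",
           b"This GNU program is covered by GPL.")

def file_format(data: bytes) -> str:
    """Classify by header bytes rather than file name: 'ELF', 'PE' or 'other'."""
    if data[:4] == b"\x7fELF":
        return "ELF"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return "PE"
    return "other"

def pe_has_reloc(data: bytes) -> bool:
    """True if the PE section table lists a section named .reloc."""
    try:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        (nsect,) = struct.unpack_from("<H", data, e_lfanew + 6)
        (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    except struct.error:               # truncated header
        return False
    table = e_lfanew + 24 + opt_size   # section headers are 40 bytes each
    names = (data[table + 40 * i:table + 40 * i + 8] for i in range(nsect))
    return any(n.rstrip(b"\0") == b".reloc" for n in names)

def triage(data: bytes) -> dict:
    """Report format, .reloc presence (PE only) and which quoted strings occur."""
    fmt = file_format(data)
    return {"format": fmt,
            "has_reloc": fmt == "PE" and pe_has_reloc(data),
            "markers": [m.decode() for m in MARKERS if m in data]}

def make_pe(section=b".reloc", tail=b"") -> bytes:
    """Constructed minimal PE header with one section (sample input only)."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff + section.ljust(40, b"\0") + tail

if __name__ == "__main__":
    print("clean sample :", triage(make_pe()))
    print("marked sample:", triage(make_pe(b".text", MARKERS[0])))
    for p in sorted(Path(".").iterdir()):   # the directory the Linux part searches
        if p.is_file():
            print(p.name, triage(p.read_bytes()))
```

A string match is only a triage hint: a file without these strings is not thereby shown to be clean, and a hit should be confirmed with a full antivirus scan.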