Trojan.Win16.BuggyShell

Class Trojan
Platform Win16
Description

Technical Details

This program is not a real trojan, but an utility that works like a trojan
because of a bug. This utility intends to replace Windows SHELL with
another application by patching the “Shell=” instruction in the SYSTEM.INI
file in the [boot] section. Because of a bug this routine does work only on
COMPAQ computers and corrupts the SYSTEM.INI file under any other
environment: the “Shell=” instruction in this case points to nothing. When
Windows reboots with corrupted SYSTEM.INI it is not able to locate the
Shell and halts, for instance in case of Win95 it displays the error
message:


Error loading.
You must reinstall Windows.

To repair corrupted SYSTEM.INI it is necessary to load the computer in DOS
mode and fix following data in the SYSTEM.INI file:


[boot]
shell=

Usually Shell points to EXPLORER.EXE in case of Win32 or to PROGMAN.EXE in case of Win3.xx.