Virus.BAT.PolyBat

Class Virus
Platform BAT
Description

Technical Details


This is a not dangerous nonmemory resident polymorphic BAT virus. It
writes itself to the end of the files. When executed it searches for .BAT
files in current, parent, current C: drive and root C: directories, then in
all PATH directories and infect one batch file that is found.


The virus uses polymorphic BAT engine similar to the “Batalia6”
virus – it compresses itself with PKZIP and password, and adds to its entry
code “junk” strings.


The virus displays the text:


(: PolyBat Morpher 🙂

While infecting a file the virus uses external DOS command and utilities:
PKZIP, PKUNZIP, ATTRIB, FIND, and fails to infect the files if there are no
such programs in PATH.