Class Virus
Platform BAT

Technical Details

This is a not dangerous nonmemory resident polymorphic BAT virus. It
writes itself to the end of the files. When executed it searches for .BAT
files in current, parent, current C: drive and root C: directories, then in
all PATH directories and infect one batch file that is found.

The virus uses polymorphic BAT engine similar to the “Batalia6”
virus – it compresses itself with PKZIP and password, and adds to its entry
code “junk” strings.

The virus displays the text:

(: PolyBat Morpher 🙂

While infecting a file the virus uses external DOS command and utilities:
PKZIP, PKUNZIP, ATTRIB, FIND, and fails to infect the files if there are no
such programs in PATH.

Find out the statistics of the threats spreading in your region