“Ramlide” is a non-dangerous non-memory resident parasitic Win32, encrypted virus. It infects Win32 applications only. While infecting the virus encrypts itself and writes itself to the end of the file.
When the infected file starts the virus infects *.EXE, *.SCR, *.CPL files in the current directory, and it then infects the following files in the Windows directory: CALC.EXE, NOTEPAD.EXE, CDPLAYER.EXE, WRITE.EXE, PBRUSH.EXE.
On the 7th, 12th, 17th and 22nd of any month the virus drops the “ramlide.bmp” image file and registers it as desktop wallpaper.
The virus also contains the text strings: