Home Education E-BooksTravel Troubleshooting Linux Contact Us About Us
Troubleshooting Tips And Steps
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Windows & Hardware Tips
Software Troubleshooting
Information About DOS
Different DOS Commands
Windows Troubleshooting
Hardware Troubleshooting
Information On Viruses
Virus Database
Trojan Removal Techniques
Virus Tools And Softwares
Miscellaneous
Download Free Ebooks
Game Development Company
Tech Support

virus file

VIRUS NAME: W32/Chiton

VIRUS NAME: W32/Chiton

Virus Characteristics

W32/Chiton is a family of viruses which are direct file infectors. After running a single infected file, the virus will infect files in the current directory and subdirectories. Targets files are 32bit PE (Portable Executable) files, such as .EXE and .DLL. In the family we can find:

W32/Chiton.a (alias Chthon)
W32/Chiton.b (alias Shrug)
W32/Chiton.c (alias Out812)
W32/Chiton.d (alias Efish)
W32/Chiton.e (alias Gemini)

Under NT/2000/XP platforms, W32/Chiton.a & W32/Chiton.b are able to infect .EXE files via a Thread Local Storage call. It seems to be the first viruses using this replication technique.

W32/Chiton.a drops a file called "CHTHON.EXE" in the "\windows" directory. For example \windows\chthon.exe on win9x based systems, and \winnt\chthon.exe for Win2000 based systems. The filesize of this dropped file is 2387 bytes.

W32/Chiton.c drops a file called "VB6ENG.DLL" in the "\windows" directory. Its filesize is 2094 bytes.

W32/Chiton.e drops a file called "GEMINI.EXE" in the "\windows" directory. its filesize is 2788 bytes. The viral process is visible in the task manager as "gemini".

Symptoms

32 bit PE type files (.EXE .DLL) have appended or inserted viral code. A and E variants are not crypted and the string "roy g biv" is visible.

Method Of Infection

Manually running an infected file activates the virus.

If you are fed up with any virus and not getting solution of it. mail us on amgroup@skillsheaven.com and please provide all the detail about virus.