VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Source code of computer viruses

Cleevix - Virus for Windows by lclee_vx

Virus for Windows

Show all viruses by this author


Download (5088 bytes) or browse online

Author's comments

Win32.Cleevix is a PE infector on Windows 9x/2K/XP with simple encryption, anyhow, its not detect by Norton Antivirus. :)!!

When a file infected by Win32.Cleevix is executed, the virus start the process as below:

  1. Retrieve the base address of Kernel32.dll
  2. Scans the Export Table of Kernel32.dll for the API Functions
  3. Retrieve API functions by scanning others *.dll file. For example, retrieve MessageBox function from User32.dll file.
  4. Scan the Current, Windows and System directory, infect all the *exe files. Infected files will grow by about 2.99 Kilobyte
  5. The virus do not try to harm/damage the system, its just patch itself to the PE files. Anyhow, it might bring down the system as the scanning process running.
  6. The virus apply the simple encryption, its not detected by Norton Antivirus (tested)

By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! aka