W95.Ussrhymn

Risk Level 2: Low

Printer Friendly Page

Discovered: November 9, 2000
Updated: February 13, 2007 11:34:48 AM
Also Known As: Win32.ZHymn.a [KAV], W95/Zhymn.a [McAfee], W32/ZHymn [Sophos], PE_USSRHYMN.A [Trend], Win32.Zombie.19986 [CA]
Type: Virus
Systems Affected: Windows 95, Windows 98, Windows Me


W95.Ussrhymn infects files on Windows 95/98 systems.The virus is based heavily on W95.Bistro, but does not include the features that made W95.Bistro so difficult to detect.

The virus infects Portable Executable (PE) files, and it adds an infected executable into .zip and .rar archives files. It also alters Wsock32.dll and contains support for UUEncoded files.

W95.Ussrhymn got its name from the payload, which plays an old Soviet Republic hymn on January 1st.

Protection

  • Initial Rapid Release version November 13, 2000
  • Latest Rapid Release version August 20, 2008 revision 017
  • Initial Daily Certified version November 13, 2000
  • Latest Daily Certified version January 20, 2009 revision 048
  • Initial Weekly Certified release date November 13, 2000

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: High

Distribution

  • Distribution Level: Low

Writeup By: Peter Ferrie
Search by name
Example: W32.Beagle.AG@mm
Limited Time Offers! Save up to 50%
Windows Vista Security