Name: Win32.Miam.169 Category: Viruses Description: Details Win32.Miam.1696 This is a dangerous parasitic Win32 virus that infects Win32 PE EXE files (Win32 applications). While infecting, the virus writes its code to the end of the file, and patches the program entry routine with a short code that passes control to the main virus body when an infected file is executed. The virus has bugs and some files can be corrupted during infection. When an infected file is run, the virus looks for Win32.EXE files in the current directory and infects them. The virus then gets NOTEPAD.EXE and CALC.EXE from the Windows directory and infects them too. Next, the virus hooks the CreateFileA Windows API function and stays memory resident as a hidden sub-process of the host process (infected application). So, the virus is "per-process" memory resident, and is active until an infected application is activated. When any file is being opened, the virus searches for all .EXE files in the current directory and infects them. Depending on the system time (the infected program is run at 10:00 a.m.), the virus drops C:NEO.BMP, stores an image there and registers that as the Desktop wallpaper. The image has a text on black background: Wake Up Neo [win32.Neo] When the 1st virus generation (virus dropper) is run, it displays the following message: Win32.Neo Virus by [TiPiaX/VDS] Miam ! I love PE files ;) Thus the virus is named "Miam".