Cleevix (computer virus)

Cleevix is an unremarkable direct action Windows file infector virus. The earliest isolation date is currently January 2, 2006. Because of the message box displayed whenever Cleevix infects a file, it is easily noticed, and unlikely to spread in the field. Beyond having variable encryption features (which change after each generation), it is a very simple virus.

Infection

When a file infected by Cleevix is executed, it will search the following directories and infect all Portable Executable .exe files in them:

• The Windows directory
• The System directory
• The current directory

Infected files will have Cleevix's encrypted virus code appended to them. After this, Cleevix displays a message box (see symptoms).

Symptoms

Files infected by Cleevix will increase by 3,106 bytes. In addition, a message box will be displayed after the virus performs its infection routine. The message box is entitled "F-13 Labs" and contains the message "Author:1[REMOVED]e_vx". The author's name has been intentionally removed in all available descriptions.

Prevalence

The spread of file infectors is generally slow. As such, it is often several months before they are spotted in the field. Because of this, it is impossible (as of January 2006) to get very accurate statistics on the spread of Cleevix. However, the message box payload means that this virus is easily discovered and is unlikely to become common.

External links

• Symantec - W32.Cleevix