SAN FRANCISCO (02/24/2000) - As Microsoft Corp. developers were diligently developing code for Windows 2000, so too were developers from the dark side--virus writers--busily preparing the first batch of their infectious code.
Windows 2000 made its public debut only last week. Already, the first native virus has surfaced for the brand-spanking-new operating system. The virus is dubbed W2K.Infis.4608, according to a report from Symantec Corp., the maker of Norton AntiVirus.
Luckily, or unluckily, this virus only spreads if you're online and logged on with administrator privileges, says Charles Rennert, director of research at Symantec's AntiVirus Research Center.
Through lab tests, SARC researchers have determined the W2K.Infis.4608 virus loads a driver called inf.sys into your Windows NT system 32 drivers folder. If you see this file in your system's drivers directory, you have the virus.
You can also find another indication of infection in your Windows registry files. It's likely the virus is there if you also see this key: hklm\system\CurrentControlSet\Services\inf.
Equal-Opportunity Infections
The W2K.Infis.4608 is a variant of an older, low-risk Windows NT virus called WNT.Infis.4608, which infects certain executable Windows files, according to McAfee.com, maker of VirusScan. The viruses spread only if you're logged on as an administrator.
At this point, Symantec is labeling the virus low-risk, as there have been no reports of infection in the wild, Rennert says. Also, the level of destruction from the virus is negligible.
While the virus won't harm your system, it serves as a reminder to log off as soon as you're done with your tasks as administrator, Rennert says. Often, the most damaging hacker and virus attacks occur when you go online as administrator because an attacker or virus could effectively bring down your entire network.
As Windows 2000 viruses materialize, it's important to note that most 32-bit viruses written for Windows 95 and 98 are also Windows 2000-compatible.
Symantec will have a patch for W2K.Infis.4608 on its site later this week. No fixes were available for W2K.Infis.4608 as of Wednesday afternoon from other major antivirus software providers, including Trend Micro, McAfee, and Panda.
However, all of those antivirus vendors have virus detection and protection tools for Windows 2000.