Summary

This is an encrypted resident infector of EXE files. It infects files when run and also stays resident and infects when other files are accessed. Amount of free memory is not decreased.

Virus contains this text:

        CLAWS (C)1994-95 WereWolf

Virus is encrypted with a variable 32-bit key. It deletes checksum databases belonging to several different antivirus packages.

[Analysis: Mikko Hypponen, F-Secure]