Summary

This is not a virus but a joke program written with Delphi.

Joke.Win32.Russ advertises a 3D action computer game called "VIRUS". It does this in a very strange manner - imitating all folders deletion from a hard disk. This is why it is detected - to prevent shocking of computer users.

Additional Details

When the program is executed it opens a small window with a yellow smiling face icon and a message:

        Please Wait. Initializing...

Then the Explorer window is opened viewing Windows 95 root folder. Immediately the 'Confirm Folder Delete' dialog is showed asking:

        Are you sure you want to delete 'Win95' folder
        and all its contents ?

There's no way the "No" button can be pressed as mouse cursor evades it. After several seconds the joke imitates deletion of Windows 95 folder and then all the rest folders on drive C: are "deleted".

In the end the joke opens the 'Shutdows Windows' dialog with grayed 'No' button, 'Restart the computer?' and 'Close and log as a different user?' options. Shortly after that the computer is 'restarted', the screen goes blank.

After a few seconds the following message is printed in big green letters one by one:

        Thank god this is only a game...

Finally a new 3-D computer game advertisment is shown as two pictures containing its description and distributors addresses. After pressing a key the joke passes control to the system.

We recommend that this joke is deleted instead of passing it around.

[Analysis: Alexey Podrezov, F-Secure]