Linux.Rike.1627
Description Linux.Rike.1627
Rike is a non-dangerous nonmemory resident parasitic virus. It searches for Linux executable files in the current directory, then writes itself to the middle of the file. It's size is 1627 bytes and is written in the Assembler programming language.
The Rike virus uses low level Linux functions when working with files: SYS CALLS INT 80h. While infecting a file the virus scans sections with the attribute SHT_PROGBITS. Rike increases the size of the last section and writes itself to the free space. Next, the virus inserts a Jump command to the Entry Point address.
The virus writes its label to the ELF header. The label is the string "RIKE".
Check other viruses! Be aware! Use Antiviral Software
Jump.466
Description Jump.466
It is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed. It contains the text string:
_JUMP_SB_[PS]_
JumpBoot
Description JumpBoot
It is a very dangerous memory resident multipartite virus. While executing an infected file the virus infects the MBR of the hard drive, and returns the control to DOS. While loading from infected disk the virus copies itself into Interrupt Vectors Table, hooks INT 13h and stays memory resident. The virus is stealth one while accessing to infected MBR.
While writing sectors to the floppy disks the virus checks the first byte of the sector. It that byte is JMP command (E9h or EBh), the virus overwrites that sector with its code. As a result the COM files which begin with JMP instruction are overwritten with virus copy when these files are copied to the floppy disk. While overwriting a sector the virus does not check is that sector the file beginning. So the virus can write its copy to the file middle. After infecting any file the virus disables its infection routine and does not infect the files up to next reboot.
|