PFS.3786
Description PFS.3786
This is a benign memory resident encrypted stealth multipartite virus. It infects the MBR of the hard drive and writes itself to the end of COM and EXE files. When an infected file is executed, the virus infects the MBR, hooks INT 21h and stays memory resident. When the system is booted from the infected disk, the virus stays memory resident, hooks INT 8 (timer), wait for DOS loading, then it releases INT 8 and hooks INT 21h.
The virus INT 21h handler hooks more than 10 DOS functions: FindFirst/Next (including long-names calls), open file, close, execute, rename, read, e.t.c. On opening, executing, renaming and file attribute access the virus infects the files. In case of other functions the virus calls its stealth routines.
Plus to file stealth ability the virus uses several quite complex tricks to hide its presence in the system. First of all the virus uses direct disk access calls to bypass BIOS anti-virus protection. To hide its TSR copy the virus leaves in the system memory just 339 bytes of its code - it copies it to the Interrupt Vectors Table. This code contains INT 21h handler that in case of needs reads the complete virus code from the first track of the hard drive and calls it. As a result the virus does not occupy the conventional system memory and is not visible by memory browsers. Depending on the system environment the virus also copies its code to the XMS memory and in case of need reads it from there, not from the hard drive.
The virus contains the text strings:
PowerFul Stealth v6.1 (c)'98 DK eyegabooom
Check other viruses! Be aware! Use Antiviral Software
Leathal.722.a
Description Leathal.722.a
It is not a dangerous nonmemory resident parasitic virus. It searches for COM files and writes itself to the end of the file. It contains/displays the text string:
Leathal$virus$
Leathal Virus Striked your fuking computerall
Do not worry, I am not destructive...
Leda.820
Description Leda.820
This is a relatively harmless, memory resident parasitic virus. It hooks INT 21h, and writes itself to the end of COM files that are accessed. From 6 until 11 in November, depending on the system time, it displays the following message and halts the PC:
Masz wirusa LEDA (BDv3.0) , (c) B.D. 27.V.1994
P.S. Dzieki dla autora wirusa FLOOR 1153
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
MESON AB
MÅab Bil & Maskin Ab
SENSEC AB
MARKLUNDEN AB
VIDA BORGSTENA AB
|