Trojan.NetPatch
Description Trojan.NetPatch
Text (c) Future Time di Paolo Monti
This trojan was released as a "wonderful" patch for Netscape. Actually, it changes the system date launching the system shell (i.e. COMMAND.COM /C DATE=18/04/2097), clears the screen (COMMAND.COM /C CLS) and creates in the current directory two files with unusual names. One file has size of 0 bytes. The other one is 21 bytes long and contains the text:
NETSCAPE IS PATCHED
As side note: the "DATE" command doesn't work with 4DOS, that for default uses another format to set the date (i.e. DATE=dd-mm-yy). The trojan finds COMMAND.COM consulting the COMSPEC enviroment's variable.
Check other viruses! Be aware! Use Antiviral Software
Bootache.2048
Description Bootache.2048
This is the memory resident multipartite polymorphic virus. When loaded from infected file it hooks INT 21h and writes itself at the end of COM-, EXE- and SYS-files that are executed or opened. When loaded from infected sector it hooks INT 13h and writes itself into the boot sectors of the floppies. The file infection algorithm of this virus do not spread boot infection, the boot infection do not spread file infection. It looks as two different viruses in one file.
It contains the following strings:
COMSPEC=COMMAND.COM
COMEXEOVLSYS
*YAM*
Your PC has a bootache! - Get some medicine!
Ontario-3 by Death Angel
BootCOM.357
Description BootCOM.357
This is memory resident multipartite virus. It hits COM files as well as system sectors (boot or/and MBR).
On execution of infected file this virus hits MBR of hard drive. On loading from infected MBR it hooks INT 13h, then it waits for loading of the first EXE-file and hooks INT 21h. Then it writes itself at the end of COM-files are executed. It contains the internal text string: "[Max]".
|