Virus Database


Win32.Etap

Description Win32.Etap
Etap is a very complex, highly polymorphic parasitic Win32 virus that uses the entry-point obscuring technique. The virus infects Windows executable files (Win32 PE EXE). When run, the virus searches for these files and infects them.
Replication
The virus searches for Win32 PE executable files in the current directory and in the directories up to three levels above it. It also searches for executable files on available network drives and on removable media. If a directory's name begins with "W", it infects the EXE files contained within. The virus doesn't infect files whose names begin with the following:
F-
PA
SC
DR
NO

Etap also spares files whose names contain the letter 'V', and spares others depending on random counter values.
While infecting a file, the virus rebuilds and encrypts its body and writes it to one of the host file's sections. It then searches the host's code section for calls to the "ExitProcess" function and replaces one of them with a call to the viral code.
Payload
Depending on the system date and on whether the infected host file imports the Windows library User32.dll, the virus may display messages, such as:
On May 14th:
"Free Palestine!"
or
On the 17th of March, June, September and December:
"Metaphor V1 by the Mental Driller/29a", or
"Metaphor 1b by the Mental Driller/29a"

The latter message's letters may be randomly selected.


SadFace.843

Description SadFace.843

This is a very dangerous memory resident, encrypted parasitic virus. It hooks INT 21h, and writes itself to the end of COM files that are executed or opened. In September, the virus erases the hard drive and displays the string:
:-(

The virus also contains the strings:
comexe

Sadist.1209

Description Sadist.1209

This is a harmless, non-memory-resident parasitic virus. It searches for .EXE files in the current directory, then writes itself to the end of each file. The virus does not manifest itself in any way; it contains the encrypted string:
SADIST





    Copyright © 2005 Virus-Database.com