DDoS.Win32.Boxed.a
Description DDoS.Win32.Boxed.a
This is a DDoS (Distributed Denial of Service) Trojan. It conducts a SYN Flood attack on a number of servers in the bootcom.com doman. It works under Windows NT.
When launched, it creates a service named Secure transactions provider, which covertly starts each time the system boots up.
The service launches five threads, each of which sends TCP packets to one of the servers under attack at high frequency, with SYN flags set. This will cause the network to slow noticeably.
Check other viruses! Be aware! Use Antiviral Software
DirFiller.1409
Description DirFiller.1409
It's dangerous memory resident parasitic stealth virus. It hooks INT 21h and writes itself to the end of COM- and EXE-files that are executed or opened. Depending on its counter it encrypts the root directory of the C: drive.
DirII.1024.a
Description DirII.1024.a
This is a memory resident dangerous stealth virus. It infects COM and EXE files during read/write operations with the sectors which belongs to the directories, containing information about these files. The virus places its own bodies into the last cluster of the infected logical disk. It marks this cluster as the last in the file cluster chain. When the virus infects the file it replaces only the number of the first cluster of the file. The new number will point to the body of the virus. So the virus don't change the contents and the size of the infected file and besides there will be only one copy of the virus on the disk.
During initialization the virus penetrates into the DOS kernel, modifies the address of the system disks driver and hooks all DOS calls to this driver. This virus uses powerful stealth mechanism on the system driver level. That is why the virus is "invisible" during a read of infected files either with INT 21h or INT 25h. This virus uses direct access to DOS resources and overcomes practically all anti-virus "shields".
This virus spreads with great speed. If you try to load a file which can't be found on the disks, DOS will look for it in all PATH directories and the virus will infect all the files in these directories. During the first start this virus will infect all files in the current directory of C: drive.
|