Devastator_II.a
Description Devastator_II.a
These are very dangerous memory resident stealth parasitic viruses. They copy themselves to the DOS data area (address 0000:0500) or to Interrupt Vectors Table (address 0000:0200), hook INT 13h, 21h and write themselves to the beginning of .COM files that are accessed by DOS functions FindFirst/Next ASCII. While executing a file DOS also calls FindFirst, so the viruses also affect the files that are executed.
The viruses uses way of infection similar to the "Int13" virus. While infecting a file the viruses move its beginning (512 bytes) to the end of the file, intercept (by hooking INT 13h) absolute disk address while writing to the end of the file and store that address. Then the viruses overwrite the file beginning with their own code and do not increase the file length. To read original file beginning the viruses use absolute disk address - they read it by INT 13h DiskRead call. As a result the files are lost while copying them - the stored absolute addresses are incorrect for newly created copies.
The viruses contain the text:
Devastator
Check other viruses! Be aware! Use Antiviral Software
Jackel Family
Description Jackel Family
These are dangerous memory resident parasitic viruses. They hook INT 21h and writes itself to the end of .COM files that are executed.
Jackel.654
Depending on the system time it beeps by internal system speaker and halts PC. It contains the strings:
DH
_àcKèL
Jackel.713
It copies itself to the memory at the address 8000:0100, and does not fix MCB list. It might halt PC. While infecting this virus disables some anti-virus monitors like TBSCAN and VSAFE. It deletes the files:
TI-VIR.DAT
CHKLIST.CPS
*._??
SCANVAL.VAL
It also contains the text string:
_àcKèL5Version 5.0a
JackRipper
Description JackRipper
It's a dangerous memory resident boot virus. On loading from infected floppy it hits MBR of hard drive, then it hooks INT 13h and stays memory resident. It infects floppies on accessing to them. It contains the internal texts: "FUCK 'EM UP !" and "(C)1992 Jack Ripper". Sometimes it changes the bytes of the sectors on writing to disk.
|