1451COM / 1411EXE ? new virus (PC)
*********************************************
*** Reports collected and collated by ***
*** PC-Virus Index ***
*** with full acknowledgements ***
*** to the authors ***
*********************************************
Date: Fri, 08 Jun 90 10:11:00 +0700
From: "Tom Erjavec" <TOM.ERJAVEC@UNI-LJ.AC.MAIL.YU>
Subject: 1451COM / 1411EXE ? new virus (PC) ?

Here is some (of the rare) news from Yugoslavia:

We have had some 'classical' PC viruses for two years now: 1701,
1704, Brain, Bouncing Ball, Jerusalem (1813COM/1808EXE), Yankee
Doodle like (2885COM/2880EXE), Yankee Doodle (2772COM/2772EXE) and
Disk Killer. Now it seems we have another uninvited guest.

In early June I was given a sample of a virus, found in a small SW
engineering company. They detected no strange behaviour but
prolongation of COM and EXE files. I disassembled it and I'm
posting a brief report:

VirusName        : ?, (1451COM/1411EXE)
Type             : indirect executable code infector
Infects          : COM and EXE files
VirusBodyLength  : 1451 bytes (COM), 1411 bytes (EXE)
Expanding victim : YES, to paragraph boundary, both COM and EXE
Location in RAM  : before end of memory
Steals interrupt : 21h
Intercepts func. : 40h (write to file), 4Bh (load & execute)
Attacks          : Sept., Oct., Nov., Dec., each year
Action           : When executing int 21h, func. 40h (write to file)
                   intercepts the call. If triggered the action code
                   increments register DX by 0Ah, changing the
                   address of buffer to be written to disk.
Consequences     : wrong data (or garbage) written to disk

Program package RETROVIR (c) Proteus detects and removes the
1451COM/1411EXE from disk, along with all the other viruses
mentioned above.

I will be glad to receive reports on this virus from elsewhere.
Does anyone know its origin?

Tom.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++ end of reports ++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
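
A baseline file-size comparison built from the lengths given in the report above, as an added example that is not part of the original post and not RETROVIR's method. It assumes "to paragraph boundary" means the host file is padded up to a multiple of 16 bytes before the body is appended; the file names and sizes are constructed.

```python
# Added example: flag files whose growth since a known-clean baseline matches
# the pattern in the report (pad to paragraph boundary, then 1451/1411 bytes).
PARAGRAPH = 16  # size of a DOS paragraph in bytes
BODY_LEN = {".com": 1451, ".exe": 1411}  # body lengths quoted in the report


def expected_infected_size(clean_size, ext):
    """Size a clean file would reach, ASSUMING the host is first padded up to
    a paragraph boundary and the body is then appended (our reading of the
    'Expanding victim' line, not something the report spells out)."""
    padded = -(-clean_size // PARAGRAPH) * PARAGRAPH  # round up to 16
    return padded + BODY_LEN[ext]


def check_growth(baseline, current):
    """Compare two {filename: size} listings and return the names whose new
    size equals the expected infected size for their extension."""
    suspects = []
    for name, old_size in sorted(baseline.items()):
        dot = name.rfind(".")
        ext = name[dot:].lower() if dot != -1 else ""
        new_size = current.get(name)
        if ext not in BODY_LEN or new_size is None:
            continue  # only COM/EXE files present in both listings
        if new_size == expected_infected_size(old_size, ext):
            suspects.append(name)
    return suspects


# Constructed sample listings (sizes in bytes), e.g. taken from saved DIR output.
BASELINE = {"EDIT.COM": 4001, "CALC.EXE": 20480,
            "SORT.EXE": 7000, "README.TXT": 300}
CURRENT = {"EDIT.COM": 5467, "CALC.EXE": 21891,
           "SORT.EXE": 7500, "README.TXT": 1751}

if __name__ == "__main__":
    for name in check_growth(BASELINE, CURRENT):
        print(f"{name}: growth matches 1451COM/1411EXE pattern")
```

A match is only a size heuristic and needs confirmation by scanning or disassembly; a legitimately updated program can land on the same length by chance.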