OROPAX Virus

 


             *********************************************
             ***   Reports collected and collated by   ***
             ***            PC-Virus Index             ***
             ***      with full acknowledgements       ***
             ***            to the authors             ***
             *********************************************

 

 

==== Computer Virus Catalog 1.2: OROPAX-Virus (July 15, 1989) =======


Entry...............: OROPAX Virus
Alias(es)...........: Music Virus
Virus Strain........: ---
Virus detected when.: February 1989
Classification......: Program Virus (extending), Direct Action,
                      RAM-resident
Length of Virus.....: COM-files: length increased by 2756-2806 Byte,
                                 always divisible by 51.


-------------------- Preconditions ----------------------------------


Operating System(s).: MS-DOS
Version/Release.....: 2.xx upward
Computer model(s)...: IBM-PC, XT, AT and compatibles


-------------------- Attributes ------------------------------------


Easy Identification.: Typical texts in Virus body (readable with
                      HexDump facilities):  "????????COM" and
                      "COMMAND.COM"


Type of infection...: System: RAM-resident, infected if function 33E0h
                         of interrupt 21h returns 33E0h in
                         AX-register.  .COM File:  extending by using
                         FindFirst/FindNext function in the home
                         directory until a COM File is encountered
                         with a different Attribute than N or A.
                         Files are only infected once.

                         The following .COM-files will not be
                         infected:

                         - COMMAND.COM,
                         - COM files with length divisible by 51,
                         - COM files with an attribute other than N or
                           A,
                         - COM files longer than 61980 Bytes.

                         .EXE File:  no infection.


Infection Trigger...: When any of the following INT 21h functions:
                         39h, 3Ah, 3Ch, 3D01h, 41h, 43h, 46h, 13h,
                         16h, or 17h are called; these functions are
                         also used by other resident DOS commands,
                         e.g.  MD, RD, DEL, REN, and COPY.


Interrupts hooked...: INT08h, INT20h, INT21h, INT27h


Damage..............: Transient Damage: After 5 minutes, the virus
                         will start to play three melodies repeatedly
                         with a 7 minute interval in between.  This
                         can only be stopped with a reset.  OROPAX and
                         earcaps can be used to avoid "music
                         overload".

Damage Trigger......: Using a random number generator, the virus
                         decides whether to become active.


--------------------- Agents ---------------------------------------


Countermeasures.....: Category 3: ANTIORO.EXE (VTC Hamburg)

Countermeasures successful: ANTIORO.EXE finds and restores infected
                      programs (only for OROPAX).

Standard means......: notice .COM file length


-------------------- Acknowledgement --------------------------------


Location............: Virus Test Center, University Hamburg, FRG
Classification by...: Thomas Lippke
Documentation/Translation: Morton Swimmer
Date................: July 15, 1989


==================== End of OROPAX-Virus ===========================
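
Added example (not part of the catalog entry and not the ANTIORO.EXE logic): the identification hints above turned into a triage check for .COM files, combining the length rule with the two readable texts. It assumes "always divisible by 51" refers to the infected file's total length; the function names and the sample image are constructed for illustration, and a match is a reason to inspect a file, not proof of infection.

```python
"""Triage .COM files against the OROPAX indicators listed in the catalog entry."""
import sys
from pathlib import Path

MARKERS = (b"????????COM", b"COMMAND.COM")  # texts readable in the virus body
MIN_GROWTH, MAX_GROWTH = 2756, 2806         # bytes added to an infected file
MAX_HOST_LEN = 61980                        # longer hosts are left alone
MODULUS = 51                                # assumption: infected total length % 51 == 0


def classify(data: bytes) -> str:
    """Return 'suspect', 'length-only' or 'no-match' for one file image."""
    size = len(data)
    if size % MODULUS or not MIN_GROWTH < size <= MAX_HOST_LEN + MAX_GROWTH:
        return "no-match"
    if all(marker in data for marker in MARKERS):
        return "suspect"
    return "length-only"  # clean files can be multiples of 51 by chance


def scan(directory: str) -> dict:
    """Classify every .COM file in one directory; COMMAND.COM is never a host."""
    verdicts = {}
    for path in sorted(Path(directory).iterdir()):
        name = path.name.upper()
        if path.is_file() and name.endswith(".COM") and name != "COMMAND.COM":
            verdicts[path.name] = classify(path.read_bytes())
    return verdicts


def constructed_sample(host_len: int) -> bytes:
    """Constructed test image, no virus code: filler plus the two texts,
    padded so the total length is a multiple of 51."""
    growth = next(g for g in range(MIN_GROWTH, MAX_GROWTH + 1)
                  if (host_len + g) % MODULUS == 0)
    texts = b"????????COM\x00COMMAND.COM\x00"
    return b"\x90" * host_len + texts + b"\x00" * (growth - len(texts))


if __name__ == "__main__":
    for fname, verdict in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{verdict:12} {fname}")
```

Files reported as "length-only" match the length rule alone and are the expected false positives of the "notice .COM file length" method.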


  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  ++++++++++++++++++++++++++ end of reports ++++++++++++++++++++++++
  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


