"Flash" Virus

 


             *********************************************

             ***   Reports collected and collated by   ***

             ***            PC-Virus Index             ***

             ***      with full acknowledgements       ***

             ***            to the authors             ***

             *********************************************



===== Computer Virus Catalog 1.2: "Flash" Virus (20-July-1990) =======

Entry................. "Flash" Virus

Alias(e).............. "688" Virus

Strain................ ---

Detected: when........ ---

          where....... ---

Classification........ Program virus, resident virus

Length of virus....... 688 bytes added to infected files


--------------------- Preconditions ----------------------------------


Operating System(s)... MS-DOS

Version/Release....... 2.0 and up

Computer models....... Any IBM-compatibles


------------------------Attributes -----------------------

Easy identification...  ---


Type of infection..... The virus makes itself resident and intercepts

                          INT 21 upon subfunction 4Bh (load+execute);

                          the virus TSR tries to infect the loaded

                          file by appending itself to it. If the file

                          to be loaded has an extension starting with

                          "E", the virus assumes it to be an EXE file.


Infection trigger..... Loading of a file triggers infection mechanism.


Interrupts hooked..... INT 21, INT 24 (during infection);

                          INT08 (only upon payload trigger).


Damage................ Starting with June 1990, the virus hooks INT

                          08, and after a random time it starts to

                          flash the screen image every 7 minutes (5

                          rapid on/off cycles).  This effect is

                          visible on MDA, Hercules, and CGA adapters,

                          but *not* on EGA and VGA cards!


Particularities....... The virus tries to fool debuggers when tracing

                          by self modifying code that executes differ-

                          ently due to the instruction prefetch queue-

                          ing of 80x86 processors.


                       The detection of write protected floppies uses

                          a novel technique: a writeprotected floppy

                          in drive A: will disable the infection

                          mechanism of the resident copy of the virus.


----------------------- Acknowledgement ------------------------------

Location.............. Micro-BIT Virus Center RZ Universitaet

                       Karlsruhe


Classification by..... Christoph Fischer

Dokumentation by ..... Christoph Fischer

Date.................. 3-July-1990



====================== End of "Flash" Virus ==========================


  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

  ++++++++++++++++++++++++++ end of reports ++++++++++++++++++++++++

  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Comments

Post a Comment

Popular posts from this blog

WHAT THE WATCH TOWER BIBLE AND TRACT SOCIETY OF PENNSYLVANIA HAD TO SAY ABOUT WHAT WERE SUPPOSED TO HAVE HAPPENED in 1874

  AWAKEN                                                     Issue #33   1874 - WHAT THE WATCH TOWER BIBLE AND TRACT SOCIETY OF PENNSYLVANIA        HAD TO SAY ABOUT WHAT WERE SUPPOSED TO HAVE HAPPENED THEN.   This issue will comprise mainly of quotes from Watch Tower publications. Present day Jehovah's Witnesses are unlikely to be aware of any of this material. Why ? The Watch Tower had changed it's theology and does not bother to let it's followers know facts about the past especially since the present theology is totally contradictory to what was promoted in the past. Both sets of incompatible conjectures were promoted as being found  and proven in Scriptures. Prior to 1943 if a follower of the Watch Tower questioned any of the Watch Tower's teaching about 1874, that person risked getting kicked out of the group ...
Read more

Uninterruptable Power Source (UPS) FAQ

Article 61549 of news.answers: Xref: freenet.carleton.ca comp.misc:25723 comp.sys.hp.hardware:5708 comp.sys.sun.hardware:24796 comp.sys.sgi.hardware:9261 comp.sys.next.hardware:16000 comp.sys.dec:27561 comp.unix.admin:28511 comp.answers:8765 news.answers:33422 Path: freenet.carleton.ca!cunews!nott!bcarh189.bnr.ca!bcarh8ac.bnr.ca!bnr.co.uk!pipex!howland.reston.ans.net!news.cac.psu.edu!news.pop.psu.edu!hudson.lm.com!netline-fddi.jpl.nasa.gov!phoebe.jpl.nasa.gov!root From: ups@navigator.jpl.nasa.gov Newsgroups: comp.misc,comp.sys.hp.hardware,comp.sys.sun.hardware,comp.sys.sgi.hardware,comp.sys.next.hardware,comp.sys.ibm.hardware,comp.sys.dec,comp.unix.admin,comp.answers,news.answers Subject: Uninterruptible Power Source FAQ Followup-To: comp.misc Date: 10 Dec 1994 13:09:38 GMT Organization: Jet Propulsion Laboratory, Pasadena, CA Lines: 1346 Approved: news-answers-request@MIT.Edu Distribution: world Message-ID: <3cc9ai$fus@phoebe.jpl.nasa.gov> Reply-To: npc@minotaur.j...
Read more

Blade Runner FAQ

Archive-Name: movies/bladerunner-faq Version: 1.4 (May 1993) -------------------------------------------------------------------------------                                  BLADE RUNNER                            Frequently Asked Questions                        Copyright (C) 1993 Murray Chapman ------------------------------------------------------------------------------- Compiled by Murray Chapman (muzzle@cs.uq.oz.au), from sources too numerous to mention.  Thank-you one and all.                                INTRODUCTION                                ------------ The movie "Blade Runner"...
Read more