1451COM / 1411EXE ? new virus (PC)

 


             *********************************************

             ***   Reports collected and collated by   ***

             ***            PC-Virus Index             ***

             ***      with full acknowledgements       ***

             ***            to the authors             ***

             *********************************************




  Date:    Fri, 08 Jun 90 10:11:00 +0700

  From:    "Tom Erjavec"<TOM.ERJAVEC@UNI-LJ.AC.MAIL.YU>

  Subject: 1451COM / 1411EXE ? new virus (PC) ?


  Here is some (of the rare) news from Yugoslavia:


  We have had some 'classical' PC viruses for two years now: 1701,

  1704, Brain, Bouncing Ball, Jerusalem (1813COM/1808EXE), Yankee

  Doodle like (2885COM/2880EXE), Yankee Doodle (2772COM/2772EXE) and

  Disk Killer.  Now it seems we have another uninvited guest.


  In early June I was given a sample of a virus, found in a small SW

  engineering company. They detected no strange behaviour but

  prolongation of COM and EXE files.  I disassembled it and I'm

  posting a brief report:


  VirusName       : ?, (1451COM/1411EXE)

  Type            : indirect executable code infector

  Infects         : COM and EXE files

  VirusBodyLength : 1451 bytes (COM), 1411 bytes (EXE)

  Expanding victim: YES, to paragraph boundary, both COM and EXE

  Location in RAM : before end of memory

  Steals interrupt: 21h

  Intercepts func.: 40h (write to file), 4Bh (load & execute)

  Attacks         : Sept., Oct., Nov., Dec., each year

  Action          : When executing int 21h, func. 40h (write to file)

                    intercepts the call. If triggered the action code

                    increments register DX by 0Ah, changing the

                    address of buffer to be written to disk.

  Consequences    : wrong data (or garbage) written to disk


   Program package RETROVIR (c) Proteus detects and removes the

   1451COM/1411EXE from disk, along with all the other viruses

   mentioned above.


  I will be glad to receive reports on this virus from elsewhere.

  Does anyone know its origin?


  Tom.
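
  The write-corruption action described in the report above, modelled as an
  added example (not code from the report or from RETROVIR): a plain Python
  simulation of INT 21h function 40h, the hooked version that adds 0Ah to DX
  in the trigger months, and the read-back check a user could run to detect
  silently corrupted writes. The memory image, buffer contents and offsets
  are constructed for the demonstration; the DOS register semantics are
  standard, the hook behaviour is as the report states.

```python
# Constructed model of the 1451COM/1411EXE write hook, not the virus's code.
# DOS INT 21h, AH=40h writes CX bytes from the buffer at DS:DX. The report
# says the resident virus intercepts this call and, in Sept..Dec, adds 0Ah
# to DX first, so the bytes reaching the disk start 10 bytes past the buffer.

TRIGGER_MONTHS = {9, 10, 11, 12}   # Sept., Oct., Nov., Dec., per the report
DX_SHIFT = 0x0A                    # increment applied to DX, per the report


def dos_write(memory: bytes, dx: int, cx: int) -> bytes:
    """Unhooked INT 21h/40h: return the CX bytes that start at offset DX."""
    return memory[dx:dx + cx]


def hooked_write(memory: bytes, dx: int, cx: int, month: int) -> bytes:
    """Hooked INT 21h/40h as described: shift DX in a trigger month, then
    pass the request on to the real handler unchanged otherwise."""
    if month in TRIGGER_MONTHS:
        dx = (dx + DX_SHIFT) & 0xFFFF   # DX is a 16-bit register; model wrap
    return dos_write(memory, dx, cx)


def verify_write(intended: bytes, on_disk: bytes) -> int:
    """Read-back check: index of the first byte that differs between what the
    program meant to write and what landed on disk, or -1 if they match."""
    for i, (want, got) in enumerate(zip(intended, on_disk)):
        if want != got:
            return i
    if len(intended) != len(on_disk):
        return min(len(intended), len(on_disk))
    return -1


def demo(month: int) -> tuple:
    """Write a constructed 16-byte record through the hook in the given month
    and return (bytes written, first corrupted index or -1)."""
    buffer = b"PAYROLL-RECORD-1"        # 16 bytes the program wants written
    trailing = b"<unrelated-memory>"    # whatever happens to follow in RAM
    memory = b"\x00" * 0x100 + buffer + trailing
    dx, cx = 0x100, len(buffer)         # DS:DX -> buffer, CX = byte count
    written = hooked_write(memory, dx, cx, month)
    return written, verify_write(buffer, written)


if __name__ == "__main__":
    for month in (6, 10):
        written, bad = demo(month)
        print(f"month {month:2d}: wrote {written!r}, first bad byte {bad}")
```

  Outside the trigger months the hook is transparent and the check returns -1;
  inside them the record's first 10 bytes are lost and 10 bytes of unrelated
  memory are appended, which the read-back comparison catches at byte 0.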


  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

  ++++++++++++++++++++++++++ end of reports ++++++++++++++++++++++++

  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


