Collection of Hack-Phreak Scene Programs

home *** CD-ROM | disk | FTP | other *** search

/ Collection of Hack-Phreak Scene Programs / cleanhpvac.zip / cleanhpvac / CASIOCOL.ZIP / RUSTBUG1.ZIP / RUSTBUG.NFO < prev

Wrap

Text File | 1997-05-26 | 4KB | 69 lines

Virus Author: Casio - Written in April and May 1997 Virus Name : RUSTY BUG v1.0 alpha 4 Virus Target: DOS and Win95 *.exe / *.com files. START.EXE and COMMAND.COM are not infected. Files considered to be bait are ignored. Target OS...: Win95 and/or DOS. Virus Info..: Rusty Bug is designed to be able to deal with Win95 executables and msDOS executables. Encryption..: Rusty Bug is fully encrypted at all times. All infected files are encrypted during the infection phase. The encryption system is variable. The encryption algorithm has been changed (yet again). The encryptor should keep those not very good at asm from restoring infected files. :) Stealth.....: HOST stealth - Infected com and exe files will not notice any modification during their operation. Self-checking programs are easily defeated by Rusty Bug. Rusty Bug is both dos and win95 compatable. Vsafe and Vscan if found in memory are bypassed. Certain checksum files by certain Anti-Virus software is destroyed if found. The weed viruses would corrupt files if they were too small, Rusty Bug does not waste the valuable time. It leaves small files alone. BAIT files are not worth the coding to overwrite them. Rusty Bug contains two payloads, each of which has a 1/10 chance of going off each time an infected program is executed. The first payload is an encrypted message which is shown decrypted to the user. The second payload is a moving StarField. If the user presses any key, the original program will continue running. Rusty Bug contains a new critical error handler, thereby trapping any possible IO error. ranging from Sharing Violations to drive not ready errors. Heuristic Scanners are defeated by Rusty Bug. Rusty Bug has the following infection system: 1. Search for files inside any directories found via the PATH variable. 2. Search for files in current directory 3. Pass control to host 4. Search current directory again - The host might have made some new ones! Naturally, checksum files created at any point while Rusty Bug is active are destroyed. :-) Rusty Bug will infect a Win v3.x series executable, however, unless the program is run under Win95, it will no longer function. Instead of a nasty error, or corruption message, Windows will be told the file is not windows based. This problem only occurs on Win v3.x based systems. Before the user is informed that windows v3.x cannot execute the file, Rusty Bug is given an oppurtunity to further search and infect. This virus is well armored against heuristic scanning and repair. Thunderbyte Anti-virus is tricked into corrupting an infected file if you attempt to use TBCLEAN. Rusty Bug has been tested against the following anti-virus programs: FPROT, AVP, FINDVIRU, MCAFEE, TBAV, NORTON, and Integrity Master. None of those scanners suspected anything when asked to scan Rusty Bug infected files. The Mcafee scanner was the most pathetic of all of them. Update: For those of you who have been collecting each .EXE as it was released, Well I'm sure you know I tend to update frequently. Anywayz, This is the newest update thus far. It fixes a minor problem with size check code. Previously certain files, although they did meet the file size criteria, Were not infected. This has been corrected. Those of you who don't already know, Rusty Bug is a HLL virus. Coded in a shareware language called "ASIC" v5. Some of the code is patched from various LIBs that I have collected. The contents are not stolen from other viruses nor other real working programs.