Text File | 1997-05-26 | 4KB | 69 lines

Virus Author: Casio - Written in April and May 1997
Virus Name  : RUSTY BUG v1.0 alpha 4
Virus Target: DOS and Win95 *.exe / *.com files. START.EXE and COMMAND.COM
              are not infected. Files considered to be bait are ignored.
Target OS...: Win95 and/or DOS.
Virus Info..: Rusty Bug is designed to be able to deal with Win95 executables
              and msDOS executables.
Encryption..: Rusty Bug is fully encrypted at all times. All infected
              files are encrypted during the infection phase. The encryption
              system is variable. The encryption algorithm has been
              changed (yet again). The encryptor should keep those not
              very good at asm from restoring infected files. :)
Stealth.....: HOST stealth - Infected com and exe files will not notice any
              modification during their operation. Self-checking programs
              are easily defeated by Rusty Bug.

Rusty Bug is both DOS and Win95 compatible. Vsafe and Vscan, if found in memory,
are bypassed. Certain checksum files created by certain anti-virus software are
destroyed if found. The weed viruses would corrupt files if they were too
small; Rusty Bug does not waste the valuable time. It leaves small files
alone. BAIT files are not worth the coding to overwrite them.

Rusty Bug contains two payloads, each of which has a 1/10 chance of going off
each time an infected program is executed. The first payload is an encrypted
message which is shown decrypted to the user. The second payload is a moving
StarField. If the user presses any key, the original program will continue
running.

Rusty Bug contains a new critical error handler, thereby trapping any possible
IO error, ranging from sharing violations to drive-not-ready errors. Heuristic
scanners are defeated by Rusty Bug.

Rusty Bug has the following infection system:
1. Search for files inside any directories found via the PATH variable.
2. Search for files in the current directory.
3. Pass control to the host.
4. Search the current directory again - the host might have made some new ones!
Naturally, checksum files created at any point while Rusty Bug is active are
destroyed. :-)

Rusty Bug will infect a Win v3.x series executable; however, unless the program
is run under Win95, it will no longer function. Instead of a nasty error or
corruption message, Windows will be told the file is not Windows based. This
problem only occurs on Win v3.x based systems. Before the user is informed that
Windows v3.x cannot execute the file, Rusty Bug is given an opportunity to
further search and infect.

This virus is well armored against heuristic scanning and repair. Thunderbyte
Anti-virus is tricked into corrupting an infected file if you attempt to
use TBCLEAN. Rusty Bug has been tested against the following anti-virus
programs: FPROT, AVP, FINDVIRU, MCAFEE, TBAV, NORTON, and Integrity Master.
None of those scanners suspected anything when asked to scan Rusty Bug
infected files. The McAfee scanner was the most pathetic of all of them.

Update:
For those of you who have been collecting each .EXE as it was released, well,
I'm sure you know I tend to update frequently. Anywayz, this is the newest
update thus far. It fixes a minor problem with the size check code. Previously
certain files, although they did meet the file size criteria, were not
infected. This has been corrected.

For those of you who don't already know, Rusty Bug is an HLL virus, coded in a
shareware language called "ASIC" v5. Some of the code is patched from various
LIBs that I have collected. The contents are not stolen from other viruses
nor other real working programs.
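
Defender-side added example (not part of the original NFO and not the author's code): an integrity check over the same scope the infection system lists, PATH directories then the current directory, for *.exe / *.com files. Because the NFO says checksum files are destroyed, a vanished baseline is reported as a finding instead of being rebuilt; the function names and the baseline file kept on read-only or off-host media are assumptions.

```python
import hashlib
import json
import os
from pathlib import Path

TARGET_EXTS = {".exe", ".com"}  # the file types the NFO names as targets


def scan_dirs(path_var, cwd):
    """PATH directories first, then the current directory, de-duplicated."""
    candidates = [Path(p) for p in path_var.split(os.pathsep) if p] + [Path(cwd)]
    seen, ordered = set(), []
    for d in candidates:
        real = d.resolve()
        if real.is_dir() and real not in seen:
            seen.add(real)
            ordered.append(real)
    return ordered


def snapshot(dirs):
    """Map each *.exe / *.com path to its size and SHA-256."""
    snap = {}
    for d in dirs:
        for f in sorted(d.iterdir()):
            if f.is_file() and f.suffix.lower() in TARGET_EXTS:
                data = f.read_bytes()
                snap[str(f)] = {"size": len(data),
                                "sha256": hashlib.sha256(data).hexdigest()}
    return snap


def compare(baseline, current):
    """Return sorted (kind, path) findings: new, modified or missing files."""
    findings = [("missing", p) for p in baseline if p not in current]
    for path, cur in current.items():
        old = baseline.get(path)
        if old is None:
            findings.append(("new", path))
        elif old != cur:
            findings.append(("modified", path))
    return sorted(findings)


def check(baseline_file, dirs):
    """A vanished baseline is itself a finding; never rebuild it silently."""
    baseline_file = Path(baseline_file)
    if not baseline_file.is_file():
        return [("baseline-missing", str(baseline_file))]
    return compare(json.loads(baseline_file.read_text()), snapshot(dirs))
```

Run `snapshot()` once on a known-clean system, store the JSON where the monitored machine cannot write to it, and call `check()` afterwards.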