home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Collection of Hack-Phreak Scene Programs
/
cleanhpvac.zip
/
cleanhpvac
/
CASIOCOL.ZIP
/
RUSTBUG2.ZIP
/
RUSTBUG.NFO
< prev
Wrap
Text File
|
1997-06-02
|
3KB
|
61 lines
Virus Author: Casio - Written in April and May 1997
Virus Name : RUSTY BUG v1.1
Virus Target: DOS and Win95 *.exe / *.com files. START.EXE and COMMAND.COM
are not infected. Files considered to be bait are ignored.
Target OS...: Win95 and/or DOS.
Virus Info..: Rusty Bug is designed to be able to deal with Win95 executables
and msDOS executables.
Encryption..: Rusty Bug is fully encrypted at all times. All infected
files are encrypted during the infection phase. The encryption
system is variable. The encryption algorithm has been
changed (yet again). The encryptor should keep those not
very good at asm from restoring infected files. :)
PayLoad.....: I knew you'd wanna know. Here is the payloads, haha.
A moving Starfield, and a nice message. They have a 1:200 chance
of going off each time an infected file is executed.
Stealth.....: HOST stealth - Infected com and exe files will not notice any
modification during their operation. Self-checking programs
are easily defeated by Rusty Bug.
Welcome to an all new Rusty Bug! :) The encryption system has been improved
and the Virus has been made smaller. hahaha I've saved about 5 to 600 bytes.
Small i suppose, But oh well.
A slight warning: Rusty Bug and SHARE.EXE do not get along! In fact, if
share is loaded in memory and you try to run any file infected with Rusty Bug
your computer will lockup hard! This problem only occurs on DOS or winv3.x
systems with share loaded. Win95 doesn't seem to have this annoying problem.
And, for the life of me, I have no fucking idea what causes it. I've spent
hours trying to track down the problem, No such luck! :( Maybe the next version
of Rusty Bug will just overwrite share.exe with exit to dos code.
If you have an older version of Rusty Bug, get rid of it... Unless your
collecting them. This one by far is the best! The payload routines have been
increased from 1:10 chances to 1:200 chances, To allow further spreading!
Rusty Bug has the following infection system:
1. Search for files inside any directories found via the PATH variable.
2. Search for files in current directory
3. Pass control to host
4. Search current directory again - The host might have made some new ones!
Naturally, checksum files created at any point while Rusty Bug is active are
destroyed. :-)
Although Rusty Bug can infect a win 3.x series executeable, (NE) it cannot
be executed under windows v3.x, If share is not loaded on that system,
Rusty Bug will further search and infect. If Share is loaded, prepare for
a rather nasty Lockup! :-( Oh well, bastards with Share loaded under dos/win31
are immune for now.
This virus is well armored against heuristic scanning and repair. Thunderbyte
Anti-virus is tricked into corrupting an infected file if you attempt to
use TBCLEAN. Rusty Bug has been tested against the following anti-virus
programs: FPROT, AVP, FINDVIRU, MCAFEE, TBAV, NORTON, and Integrity Master.
None of those scanners suspected anything when asked to scan Rusty Bug
infected files. The Mcafee scanner was the most pathetic of all of them.
Until my next release, haha... Infect someone you hate today!