home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Collection of Hack-Phreak Scene Programs
/
cleanhpvac.zip
/
cleanhpvac
/
CASIOCOL.ZIP
/
WEEDV14.ZIP
/
WEED.NFO
< prev
next >
Wrap
Text File
|
1997-04-09
|
2KB
|
43 lines
Virus Author: Casio - RAiDERZ Coderz
Virus Name : WEED v1.4a
PayLoad.....: Files that are not the minimum size are destroyed. There is
also a text and a vga payload this virus contains. :-)
If the user presses \ while inside the vga mode, the
original program will run.
Virus Target: *.exe and *.com files. COMMAND.COM is avoided!
Target OS...: Win95 exe/com and DOS exe/com
Virus Info..: WEED will disable vsafe/vscan if found in memory. WEED will
also infect files after the host has finished running. Good
example: pkzip and pkunzip.exe. Once pkunzip.exe is infected
any files it makes for you *.com and *.exe will become weed
carriers. That is, before you even have access to them.
Virus Size..: Just a tad over 5k in length. There is a catch, not all
of the written data is actually viral :)
Encryption..: The entire virus is encrypted. Using different routines
(encryption/decryption) for each routine withen the virus!
Stealth.....: infected *.exe or *.com file will not notice infection while
in operation.
Tech Details:
This is the fifth generation of the WEED virus. It's a family now. :) Lots of
improvements and changes have been made. WEED v1.4a is smaller then v1.2 or
v1.3, but does more :) The defective critical error handler has been replaced
with code that should work fine. It seems to work alright during testing.
All encryption routines have had drastic changes made to them. Should ensure
difficulty for the end user who intends to remove this virus.
the encrypted weed message that didn't show in v1.3 does show in this version!
(Why the fuck I messed that code up before is beyond me... :-()
WEED is now Windows 95 aware, and will properly infect win95 exe files. :-)
START.EXE (32 bit enhanced driver for win95 apps) and COMMAND.COM are not in
any way touched by WEED. Those files are left alone!
there are no current plans to release the source to this virus. If you want to
see how it works that badly, test your skills at debugging it.