Text File | 1994-10-08 | 5KB | 73 lines
====== Computer Virus Catalog 2.0: AntiCAD Virus (31-January-1992) =======
Entry...............: AntiCAD Virus
Alias(es)...........: AntiCAD-4096 = Invader Virus
Virus Strain........: Jerusalem Virus Strain, ANTICAD Substrain
      detected when.: August 1990
              where.: Australia
Classification......: Program (COM, EXE) & System (Boot, Master Boot) infector
Length of Virus.....: 1) Length on media: 4,096 bytes on COM & BOOT;
                                          4,096-4,111 bytes on EXE
                      2) Length in memory: 5,120 bytes
--------------------- Preconditions ---------------------------------------
Operating System(s).: MS-DOS and compatible OS
Version/Release.....: MS-DOS 3.0 and upwards
Computer model(s)...: IBM and compatible PCs
Caroname............: Jerusalem.AntiCAD.4096
--------------------- Attributes ------------------------------------------
Easy identification.: Virus contains text:
                      "NO SYSTEMDISK...PLEASE INSERT..."
Type of Infection...: Depending on type of victim:
                      COM: Prepending but COMMAND.COM not infected;
                      EXE: Appending but ACAD.EXE not infected;
                      BOOT: any diskette without write protection;
                      Master-BOOT: all HD-Drives.
Infection Technique.:
Infection Trigger...: Any Load/Execute operation
Storage Media affec.: All kinds (disks, any diskette)
Interrupts hooked...: 08h (Timer), 09h (Keyboard), 13h (Disk),
                      21h (DOS-Calls), 24h (error handler).
Stealth.............:
Tunneling/Selfprot..:
Oligo/Polymorphism..:
Encoding Method.....:
Damage..............: Transient: the virus plays some music (variants
                         may play noise), and system is slowed down.
                         This routine activates
                      Permanent: If CTRL-ALT-DEL is pressed while
                         music is playing or ACAD is loaded, *all
                         information on all disks will be overwritten*.
                         CMOS-entries will be deleted.
Damage Trigger......: Transient damage: in original ANTICAD virus,
                         transient damage (playing music, system
                         slowdown) is activated 30 minutes after virus'
                         activation. In ANTICAD variants, activation
                         of transient damage (music/noise) may be
                         delayed between 7 and 30 days.
                      Permanent damage: one of the following
                         activities will activate permanent damage
                         (overwriting disk media, deleting CMOS entries):
                           P1) pressing CTRL-ALT-DEL when
                               music/noise is played;
                           P2) execution of ACAD;
                           P3) after about 4000 keystrokes.
                         These effects may not be activated every
                         time as activation also depends on several
                         internal triggers.
Particularities.....: ---
Similarities........: Viruses in same (Jerusalem) strain, and esp.
                      those in same (AntiCAD) substrain.
--------------------- Agents ----------------------------------------------
Countermeasures.....: According to their documentation, many antivirus
                      products claim to recognise and eradicate the virus.
Standard means......: 1) Reboot from clean bootdisk.
                      2) Delete all infected files.
                      3) Use SYS-Command to reinstall BOOT sector.
                      4) Use FDISK /MBR to reinstall Master-BOOT
                         sector (MS-DOS 5.0 only).
--------------------- Acknowledgements ------------------------------------
Location............: Virus-Test-Center, University Hamburg, Germany
Classification by...: Matthias Jaenichen
Documentation by....: Matthias Jaenichen
Date................: 31-January-1992
Information Source..: Disassembly, "PC Viruses" by A.Solomon, "VSUM" (P.Hofma
========================== End of AntiCAD Virus ===========================