home *** CD-ROM | disk | FTP | other *** search
/ ProfitPress Mega CDROM2 …eeware (MSDOS)(1992)(Eng) / ProfitPress-MegaCDROM2.B6I / UTILITY / VIRUS / PCV4RPT.ZIP / EIGHT-T.RPT < prev    next >
Encoding:
Text File  |  1991-05-09  |  5.1 KB  |  103 lines
  1.  
  2.              *********************************************
  3.              ***   Reports collected and collated by   ***
  4.              ***            PC-Virus Index             ***
  5.              ***      with full acknowledgements       ***
  6.              ***            to the authors             ***
  7.              *********************************************
  8.  
  9.  
  10. ===== Computer Virus Catalog 1.2: "8-TUNES" Virus (11-JUN-1990) =====
  11.  
  12. Entry...............: "8-Tunes" Virus
  13. Alias(es)...........: "1971" Virus
  14. Virus Strain........: ---
  15. Virus detected when.: ---
  16.               where.: ---
  17. Classification......: Link-virus (extending), RAM-resident
  18. Length of Virus.....: .COM files: program length increases by
  19.                           1971-1986 bytes: (length -3) mod 16 = 0.
  20.                       .EXE files: program length increases by
  21.                           1971-1986 bytes: (length -3) mod 16 = 0.
  22.  
  23. ------------------- Preconditions -----------------------------------
  24. Operating System(s).: MS-DOS
  25. Version/Release.....: 2.xx upward
  26. Computer model(s)...: IBM-PC, XT, AT and compatibles
  27.  
  28. ------------------- Attributes --------------------------------------
  29. Easy Identification.: Typical texts in Virus body (readable
  30.                          with HexDump-facilities):"COMMAND.COM" in the
  31.                          data area of the virus; increased filelength
  32.                          if the file is infected.
  33.  
  34. Type of infection...: System: infected if function E00Fh of INT 21h
  35.                          returns the value 4C31h in the AX-register.
  36.                       .Com files: program length increases by
  37.                          1971-1986 bytes; if infected, the bytes
  38.                          007h,01fh,05fh,
  39.                          05eh,05ah,059h,05bh,058h,02eh,0ffh,02eh,00bh,
  40.                          000h are found 62 bytes before end of file; a
  41.                          .COM file will only be infected once.  .COM
  42.                          files will not be infected if filelength<8177
  43.                          and filelength>63296; virus will be linked to
  44.                          the end of the program.
  45.  
  46.                       .EXE files: program length increases by
  47.                          1971-1987 bytes.  If it is infected the bytes
  48.                          007h, 01fh, 05fh, 05eh, 05ah, 059h, 05bh,
  49.                          058h, 02eh, 0ffh, 02eh, 00bh, 000h are found
  50.                          62 bytes before end of file; an .EXE file
  51.                          will only be infected once; .EXE files will
  52.                          not be infected if filelength<8177; virus
  53.                          will be linked to the end of the program.
  54.  
  55. Infection Trigger...: Programs are infected during load procedure
  56.                          (Load/Execute-function of Ms-Dos).
  57.  
  58. Interrupts hooked...: INT21h, INT08h (only if triggered),
  59.                       INT24h (only while infecting a file)
  60.  
  61. Damage..............: Transient Damage:
  62.                       After 30 minutes, the virus will play one of
  63.                       eigth melodies (random selection). After a short
  64.                       time, the virus will play a melody again.
  65.  
  66. Damage Trigger......: Damage occurs 90 days after the file infection.
  67.  
  68. Particularities.....: 1. COMMAND.COM will not be infected.
  69.                       2. Normally, the virus will stay resident at the
  70.                             end of the available memory; only if the
  71.                             memory is fragmented by special software,
  72.                             the virus may become resident (via Dos-
  73.                             function 31h).
  74.                       3. One function (0E00Fh) used by Novell- Netware
  75.                             4.0 can't be accessed anymore.
  76.                       4. The damage occurs immediately when processing
  77.                             a file with creation date before 1984.
  78.                       5. During a file infection, the virus looks for
  79.                             "BOMBSQAD.COM", an antivirus-tool control-
  80.                             ling accesses to disks; if found, the
  81.                             virus will deactivate it (tested with
  82.                             BOMBSQAD V. 1.2).
  83.                       6. During a file infection, the virus looks for
  84.                             "FSP.COM" (Flushot+), an antivirus tool
  85.                             controlling accesses to disks, files etc.
  86.                             If found, the virus will stop file
  87.                             infection (tested with FLUSHOT V. 1.4).
  88.  
  89. -------------------- Acknowledgement ---------------------------------
  90.  
  91. Location............: Virus Test Center, University Hamburg, FRG
  92. Classification by...: Thomas Lippke, Michael Reinschmiedt
  93. Documentation by....: Michael Reinschmiedt, Thomas Lippke
  94. Date................: 11-JUN-1990
  95.  
  96.  
  97. ==================== End of "8-TUNES"-Virus ==========================
  98.  
  99.  
  100.   ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  101.   ++++++++++++++++++++++++++ end of reports ++++++++++++++++++++++++
  102.   ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  103.