Text File  |  1991-05-09  |  3.1 KB  |  71 lines

            *********************************************
            ***   Reports collected and collated by   ***
            ***            PC-Virus Index             ***
            ***      with full acknowledgements       ***
            ***            to the authors             ***
            *********************************************


===== Computer Virus Catalog 1.2: "Flash" Virus (20-July-1990) =======
Entry................. "Flash" Virus
Alias(es)............. "688" Virus
Strain................ ---
Detected: when........ ---
          where....... ---
Classification........ Program virus, resident virus
Length of virus....... 688 bytes added to infected files

--------------------- Preconditions ----------------------------------

Operating System(s)... MS-DOS
Version/Release....... 2.0 and up
Computer models....... Any IBM-compatibles

----------------------- Attributes -----------------------------------
Easy identification... ---

Type of infection..... The virus makes itself resident and intercepts
                          INT 21 upon subfunction 4Bh (load+execute);
                          the virus TSR tries to infect the loaded
                          file by appending itself to it. If the file
                          to be loaded has an extension starting with
                          "E", the virus assumes it to be an EXE file.

Infection trigger..... Loading of a file triggers infection mechanism.

Interrupts hooked..... INT 21, INT 24 (during infection);
                          INT 08 (only upon payload trigger).

Damage................ Starting with June 1990, the virus hooks INT
                          08, and after a random time it starts to
                          flash the screen image every 7 minutes (5
                          rapid on/off cycles).  This effect is
                          visible on MDA, Hercules, and CGA adapters,
                          but *not* on EGA and VGA cards!

Particularities....... The virus tries to fool debuggers when tracing
                          by self-modifying code that executes
                          differently due to the instruction prefetch
                          queueing of 80x86 processors.

                       The detection of write-protected floppies uses
                          a novel technique: a write-protected floppy
                          in drive A: will disable the infection
                          mechanism of the resident copy of the virus.

----------------------- Acknowledgement ------------------------------
Location.............. Micro-BIT Virus Center RZ Universitaet
                       Karlsruhe

Classification by..... Christoph Fischer
Documentation by...... Christoph Fischer
Date.................. 3-July-1990


====================== End of "Flash" Virus ==========================

  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  ++++++++++++++++++++++++++ end of reports ++++++++++++++++++++++++
  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++