home *** CD-ROM | disk | FTP | other *** search
/ ProfitPress Mega CDROM2 …eeware (MSDOS)(1992)(Eng) / ProfitPress-MegaCDROM2.B6I / UTILITY / VIRUS / PCV4RPT.ZIP / KEYPRESS.RPT < prev    next >
Encoding:
Text File  |  1991-05-28  |  3.7 KB  |  69 lines
  1.  
  2.              *********************************************
  3.              ***   Reports collected and collated by   ***
  4.              ***            PC-Virus Index             ***
  5.              ***      with full acknowledgements       ***
  6.              ***            to the authors             ***
  7.              *********************************************
  8.  
  9.  
  10. ==== Computer Virus Catalog 1.2: Keypress Virus (10-February-1991) ===
  11. Entry...............: Keypress Virus
  12. Alias(es)...........: ---
  13. Virus Strain........: ---
  14. Virus detected when.: January 1991 (when VTC received virus copy)
  15.               where.: Frankfurt    (in an international hotel)
  16. Classification......: Program virus (extending), RAM-resident
  17. Length of Virus.....: .COM-file length increased by 1232-1247 bytes;
  18.                       .EXE-file length increased by 1472-1487 bytes.
  19. --------------------- Preconditions ----------------------------------
  20. Operating System(s).: MS-DOS
  21. Version/Release.....: 2.xx upward
  22. Computer model(s)...: IBM - PC, XT, AT and compatibles
  23. --------------------- Attributes -------------------------------------
  24. Easy Identification.: Typical text in virus body (readable with
  25.                       HexDump-utilities): ".COM",00h,".EXE",00h
  26. Type of infection...: System: RAM-resident, infected if the word
  27.                          0001h is found at position 0000h:0600h.
  28.                       .COM - Files: if DOS version>=3.00 then ex-
  29.                          tended by using EXEC-function else ex-
  30.                          tended by using open file function and no
  31.                          system file infection. Only files with length
  32.                          from 1217 to 64064 bytes can be infected;
  33.                          files may only be infected once.
  34.                       .EXE - Files: if DOS version>=3.00 then extended
  35.                          by using EXEC-function else extended by using
  36.                          open file function and no system file infec-
  37.                          tion; files may only be infected once.
  38. Infection Trigger...: When function 4B00h (EXEC), or function 3D0x
  39.                          (open file) of INT 21h is called.
  40. Interrupts hooked...: INT 21h and INT 1Ch always; INT 23h and INT 24h
  41.                          during infection.
  42. Damage..............: Transient damage: every 10 minutes, the virus
  43.                          will look at INT 09h (keyboard interrupt) for
  44.                          2 seconds; if a keystroke is recognized
  45.                          during this time, it will be repeated depend-
  46.                          ing on how long the key is pressed; it thus
  47.                          appears as a "bouncing key".
  48.                       Permanent damage: ---
  49. Particularities.....: Date and time of last file modification is set
  50.                          to the current date.
  51.                       .COM files longer than 64032 bytes are no longer
  52.                          loadable.
  53. --------------------- Agents -----------------------------------------
  54. Countermeasures.....: ---
  55. - ditto - successful: ---
  56. Standard means......: Notice file length.
  57.                       Notice date and time of last file modification.
  58. --------------------- Acknowledgement --------------------------------
  59. Location............: Virus Test Center, University Hamburg, Germany
  60. Classification by...: Thomas Lippke
  61. Documentation by....: Thomas Lippke
  62. Date................: 10-February-1991
  63.  
  64. ===================== End of Keypress-Virus ==========================
  65.  
  66.   ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  67.   ++++++++++++++++++++++++++ end of reports ++++++++++++++++++++++++
  68.   +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  69.