Text File  |  1991-05-09  |  2.9 KB  |  78 lines

             *********************************************
             ***   Reports collected and collated by   ***
             ***            PC-Virus Index             ***
             ***      with full acknowledgements       ***
             ***            to the authors             ***
             *********************************************

====== Computer Virus Catalog 1.2: Lehigh Virus (15-Feb-1990) ========

Entry...............: Lehigh Virus
Alias(es)...........: ---
Virus strain........: ---
Virus detected when.: November 1987
              where.: Lehigh University (Bethlehem/USA)
Classification......: System virus (COMMAND.COM), RAM-resident
Length of virus.....: 555 bytes

--------------------- Preconditions ----------------------------------

Operating system(s).: MS-DOS
Version/release.....: 2.0 and higher
Computer model(s)...: All MS-DOS machines

--------------------- Attributes -------------------------------------

Easy identification.: Last two bytes of COMMAND.COM = A9h 65h,
                      COMMAND.COM grows by 555 bytes.

Type of infection...: COMMAND.COM only (stack space at end of file
                           overwritten); RAM resident (no check if
                           RAM infected before).

Infection trigger...: Uninfected COMMAND.COM in the root directory of
                           used or current drive (checked by INT 21h)

Storage media affected: Any COMMAND.COM on hard disk or diskette.

Interrupts hooked...: INT 21h: AH = 4Bh (load) and AH = 4Eh (find file)
                      INT 44h: Set as old INT 21h

Damage..............: If A: or B: selected (if it is not the current
                           drive), then sectors 1 to 32 are overwritten
                           with garbage read from BIOS and print-text
                           (also from BIOS).

Damage trigger......: Infection counter = 4

Particularities.....: Not hardware-dependent: INT 21h, 26h used only

Similarities........: ---

--------------------- Agents -----------------------------------------

Countermeasures.....: ---

Countermeasures successful: Several antiviruses (McAfee, Solomon,
                            Skulason et al.) successfully detect and
                            eradicate this virus.

Standard means......: ---

--------------------- Acknowledgement --------------------------------

    Location............: Virus Test Center, University Hamburg, FRG
    Classification by...: Daniel Loeffler (disassembly by Joe Hirst)
    Documentation by....: Daniel Loeffler
    Date................: December 18, 1989
    Information Source..: ---


========================= End of "Lehigh"-Virus ======================


  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  ++++++++++++++++++++++++++ end of reports ++++++++++++++++++++++++
  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++