            *********************************************
            ***   Reports collected and collated by   ***
            ***            PC-Virus Index             ***
            ***      with full acknowledgements       ***
            ***            to the authors             ***
            *********************************************


======= Computer Virus Catalog 1.2: "MIX1" Virus (15-Feb-1990) =======

Entry...............: MIX1 Virus
Alias(es)...........: Mixer1
Virus strain........: Icelandic Virus
Virus detected when.: August 22, 1989
              where.: BBSs in Israel
Classification......: Program virus (.EXE files) - Extending,
                      RAM-resident.
Length of virus.....: 1. Infected .EXE files enlarged by 1618-1634
                         bytes (depends on the original file size).
                      2. 2048 bytes in RAM.

--------------------- Preconditions ----------------------------------

Operating system(s).: PC/MS DOS version
Version/Release.....: 2.0 or later.
Computer model(s)...: IBM-PC, XT, AT and compatibles

--------------------- Attributes -------------------------------------

Easy Identification.: 1. The last 4 bytes of the infected file are
                              "MIX1".
                      2. Use DEBUG to check byte 0:33C. If it equals
                              77h, the virus is in memory.

Type of infection...: System: Infected if byte 0:33C equals 77h.
                      .EXE files: Only files which do not have a
                                  signature at their end are infected.
                                  File length is increased by 1618 -
                                  1634 bytes.

Infection trigger...: When .EXE files are loaded/executed through
                           interrupt 21h service 4bh.

Interrupt hooked....: 21h, 14h, 17h, optionally 8, 9 (after 6th level
                           of infection).

Damage..............: Garbled output on parallel and serial
                           connections, after 6th level of infection
                           boot will crash the system (a bug),
                           num-lock is constantly on, a ball will
                           start bouncing.

Damage trigger......: After an infected file is executed.

Particularities.....: 1. Booting may crash the computer (possibly
                           a bug).
                      2. Memory allocation is done through direct
                           MCB control.
                      3. Does not allocate stack, and therefore makes
                           some files unusable.
                      4. Infects only files which are bigger than 8K.

--------------------- Agents -----------------------------------------

Countermeasures.....: Virus Buster and more commercial, Israeli
                           anti-viral software (JIV, Turbo Anti-Virus).

Countermeasures successful: Virus Buster will locate the virus and
                           upon request, will remove it.

Standard means......: Check byte 0:33C (cf. Easy Identification).

--------------------- Acknowledgement --------------------------------

Classification by...: Yuval Tal (NYYUVAL@WEIZMANN.BITNET), Ori Berger
Documentation by....: Yuval Tal (NYYUVAL@WEIZMANN.BITNET), Ori Berger
Date................: December 19, 1989


===================== End of MIX1 Virus =============================

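The file-level check from "Easy Identification", combined with the entry's size figures, as an added example that is not part of the original catalog entry. Function names and verdict labels are hypothetical, the MZ/ZM header test is general DOS .EXE knowledge rather than something the entry states, and "8K" is read as 8192 bytes.

```python
import os

SIGNATURE = b"MIX1"     # last 4 bytes of an infected file, per the entry
MIN_GROWTH = 1618       # smallest size increase listed in the entry
MIN_HOST = 8 * 1024     # "bigger than 8K", read as 8192 bytes (assumption)


def classify(data: bytes) -> str:
    """Return 'not-exe', 'clean', 'marker-only' or 'suspect' for a file image."""
    if data[:2] not in (b"MZ", b"ZM"):      # DOS .EXE header magic
        return "not-exe"
    if not data.endswith(SIGNATURE):
        return "clean"
    # Host > 8K plus >= 1618 added bytes: a smaller file only carries the marker.
    if len(data) <= MIN_HOST + MIN_GROWTH:
        return "marker-only"
    return "suspect"


def scan_tree(root: str) -> dict:
    """Walk root and classify every *.EXE file; returns {path: verdict}."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.upper().endswith(".EXE"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    results[path] = classify(fh.read())
            except OSError as exc:
                results[path] = f"unreadable: {exc}"
    return results


def constructed_samples() -> dict:
    """Constructed byte strings (not real samples) that exercise classify()."""
    host = b"MZ" + b"\x00" * 9000
    return {
        "clean.exe": host,
        "tagged.exe": host + b"\x90" * 1614 + SIGNATURE,  # host + 1618 bytes
        "tiny.exe": b"MZ" + b"\x00" * 100 + SIGNATURE,
        "readme.txt": b"plain text ending in MIX1",
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(f"{name:12} {classify(blob)}")
```

A "marker-only" verdict means the trailing bytes match but the file is too small to fit the entry's size figures, so it is worth a manual look rather than being treated as infected.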
  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  ++++++++++++++++++++++++++ end of reports ++++++++++++++++++++++++
  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++