home *** CD-ROM | disk | FTP | other *** search
/ ProfitPress Mega CDROM2 …eeware (MSDOS)(1992)(Eng) / ProfitPress-MegaCDROM2.B6I / UTILITY / VIRUS / PCV4RPT.ZIP / XA1.RPT < prev    next >
Encoding:
Text File  |  1991-05-09  |  3.4 KB  |  70 lines
  1.  
  2.              *********************************************
  3.              ***   Reports collected and collated by   ***
  4.              ***            PC-Virus Index             ***
  5.              ***      with full acknowledgements       ***
  6.              ***            to the authors             ***
  7.              *********************************************
  8.  
  9.  
  10. ======= Computer Virus Catalog 1.2: "XA1" Virus (20-July-1990) =======
  11. Entry................. "XA1" Virus
  12. Alias(e).............. V1539 Virus
  13. Strain................ ---
  14. Detected: when........ March 1990
  15.           where....... West-Germany (Altena)
  16. Classification........ Program virus, direct action COM infector
  17. Length of virus....... 163 bytes added to COM files
  18. ----------------------- Preconditions --------------------------------
  19. Operating System(s)... MS-DOS
  20. Version/Release....... 2.0 and up
  21. Computer models....... Any IBM-compatibles
  22. ------------------------Attributes -----------------------------------
  23. Easy identification... The virus contains the following German string:
  24.                        "Und er lebt doch noch : Der Tannenbaum !",0Dh,
  25.                        0Ah,00h, "Frohe Weihnachten ...",0Dh,0Ah,07h,
  26.                        00h (translated in English: "And he lives:  the
  27.                        Christmas tree", "Happy Christmas").
  28.  
  29. Type of infection..... Direct action; prepending 1539 bytes to
  30.                           COM files.
  31. Infection trigger..... Executing an infected file will trigger the
  32.                           multiple infection attempts searching the
  33.                           PATH variable in the environment.
  34. Interrupts hooked..... INT 24
  35. Damage................ When an infected program is run between
  36.                          December 24th and 31st (any year), the virus
  37.                          will display a full screen image of a
  38.                          christmas tree and german seasons greetings.
  39.  
  40.                        When an infected program is run on April 1st
  41.                           (any year), it drops a code into the boot-
  42.                           sectors of floppy A: and B: as well as into
  43.                           the partition table of the harddisk. The old
  44.                           partition sectors are saved but most likely
  45.                           destroyed since running another infected
  46.                           file will save the modified partition table
  47.                           to the same location. On any boot attempt
  48.                           from an infected harddisk or floppy, the
  49.                           text "April April" will be displayed and the
  50.                           PC will hang.
  51.  
  52. Particularities....... The virus is self-encrypting and tries to fool
  53.                           debuggers. The decrypting routine is
  54.                           slightly modified upon each infection.
  55.  
  56. ----------------------- Acknowledgement ------------------------------
  57.  
  58. Location.............. Micro-BIT Virus Center RZ Universitaet
  59.                           Karlsruhe
  60.  
  61. Classification by..... Christoph Fischer
  62. Dokumentation by ..... Christoph Fischer
  63. Date.................. 16-March-1990
  64.  
  65. ====================== End of "XA1" Virus ============================
  66.  
  67.   ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  68.   ++++++++++++++++++++++++++ end of reports ++++++++++++++++++++++++
  69.   ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  70.