| Description:
|
Details
Gumbs.3584
It is not a dangerous memory resident encrypted, stealth multipartite virus. It hooks INT 13h, 1Ch, 21h, infects the C: drive boot sector and writes itself to the end of EXE files on the floppy disks on file accessing.
When an infected file is executed, the virus writes itself to the boot sector of first drive on the hard disk (C: drive) and returns control to the host file. On rebooting the virus starts from affected boot sector, installs itself into DOS memory and hooks INT 13h and INT 21h.
By hooking INT 13h the virus hides its code presence in C: drive sectors (stealth). By hooking INT 21h the virus also runs its stealth routines, as well as infection.
On accesses to EXE files on floppy drives (A: and B:) the virus infects them. The virus does not infect the files AIDS*.EXE and DRWE*.EXE. The virus also runs its stealth routine to hide infected file length growing on floppy disks as well as on the hard drive.
On April 1st in one case of eight the virus intercepts INT 8 (timer) and plays the "Hey Jude" tune (The Beatles).
The virus contains text string in Russian and the text:
Disk I/O error. |
