Details
Freedom Family
These are very dangerous memory-resident, encrypted, parasitic viruses. They hook INT 3 and INT 21h and write themselves to the end of COM and EXE files (except COMMAND.* and AIDS*.*) that are accessed with the DOS FindFirst/FindNext functions. The viruses also intercept the DOS Write call (AH=40h) and compare the data buffer with the Russian strings for "military", "soldier" and "weapon". If these strings are found, the viruses erase hard drive sectors and CMOS, and display the message:
F R E E D O M
"Freedom.3600" also hooks the DOS Read function (AH=3Fh) and checks the data while reading as well as while writing.
The viruses also contain the text strings:
"Freedom.2248":
COMMAND AIDS .EXE .COM
* 1.45/2/01.02.1995
"Freedom.3600":
COMMAND AIDS ADINF WEB .EXE .COM
* 2.15/3/09.05.1995
Under a debugger, "Freedom.2248" corrupts the data and displays the message in the same way.