| Description:
|
Details
Mbd.1258
These are not dangerous memory resident encrypted parasitic viruses. They hook INT 8, 21h and write themselves to the end of COM and EXE files that are executed. The viruses do not infect the files: DRWE*, AIDS*, AV*, ADIN*, COMM* (DRWEB, AIDSTEST, AVP, ADINF, COMMAND.COM).
The virus TSR copy occupies just 232 bytes of the memory - while installing memory resident the virus saves its complete code to reserved hard drive sectors (on zero track) and reads that code from there in case of need (on infecting). The virus leaves its TSR copy (INT 8 and INT 21h handlers) in DOS data area at address 0060:0000. As a result, the virus is active, but it does not occupy conventional memory and it is not visible by any memory browser.
Depending on their internal counters the viruses dial the phone number 02 (police line in Russia) or 113. The viruses contain the text string:
Virus-MENT, v1.0 (C) MBD Poccuu. XI.1996 #
"Mbd.1317" has several strings in Russian, "Mbd.1258" contains they translated to English:
# HELLO, POLICE ! I`M, DIRTY USER, HAVE STEAL BILLY`S WINDOWS !
# POLICE OF THE WORLD, HANDS OFF FROM CYBERSPACE ! |
