Main Menu
Home
Bookmark
Contact Us

Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially Dangerous Tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 


 
OS2.AEP. Viruses Information

Name: OS2.AEP.
Category: Viruses
Description: Details
OS2.AEP.a

It is a harmless nonmemory resident parasitic NewEXE (OS/2) virus. It searches for EXE and DLL files, checks them for an NE stamp, then checks the OS/2 marker in the NewEXE header. Next, the virus obtains the number of the code segment that is the entry point segment, shifts down all other segments, then increases the length of the entry point segment, and writes its code there. Then the virus fixes the relocation and name tables and returns the control to the host program.
Clean File Infected File
+----------------+ +----------------+
ƒMZ DOS Header ƒ ƒMZ DOS Header ƒ
ƒ----------------ƒ ƒ----------------ƒ
ƒNE NewEXE Headerƒ ƒNE NewEXE Headerƒ
ƒ----------------ƒ ƒ----------------ƒ
ƒSystem Tables ƒentryƒ ƒSystem Tables ƒ
ƒ----------------ƒpointƒ ƒ----------------ƒ
ƒSeg 1 ƒ<----+ ƒSeg 1 ƒ<--+
ƒ ƒ ƒ ƒ ƒ
ƒ----------------ƒ --+ ƒ- - - - - - - - ƒ<---- entry point
ƒSeg 2 ƒ ƒ ƒVirus ƒ ƒ
ƒ----------------ƒ ƒ ƒ ƒ---+ returns to original
. . . +--> ƒ----------------ƒ entry point
ƒ----------------ƒ ƒSeg 2 ƒ
ƒSeg n ƒ ƒ----------------ƒ
+----------------+ --+ . . .
ƒ ƒ----------------ƒ
ƒ ƒSeg n ƒ
+--> +----------------+

This is the first known virus that affects OS/2 files in the "right way" - it writes itself to the file and modifies the NewEXE header and other system areas.
While infecting a file, the virus uses the system calls:
DosAllocSeg DosFreeSeg DosChgFilePtr DosClose DosFindFirst DosFindNext
DosOpen DosRead DosWrite

The virus contains the text strings:
(C) 1995 American Eagle Publications Inc., All rights reserved.
*.EXE *.DLL DOSCALLS



Text added: June-26-1996



Top Viruses Visited Pages:
Invader. - 231 visits
not-a-virus:RiskWare.Tool.RegPatch. - 69 visits
Worm.P2P.Harex. - 63 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 55 visits
Small.58. - 55 visits
Coito.64 - 53 visits
I-Worm.Mapson. - 45 visits
Win32.Hidra - 41 visits
Win16.Klon.1177 - 40 visits
Marine.500 - 34 visits

Random Viruses Pages:
Macro.Word97.CM
BigMouse Famil
Worm.P2P.Hofo
Macro.Word.Meldun
Macro.Word.Macrokille
Kavaklar.74
Trojan.Noboo
Sebek.76
Buchares
ParityError Famil


 

© 2006-2008 spyware32.com - Privacy Policy