|
|
Billiard.265 Viruses Information
| Name: |
Billiard.265 |
| Category: |
Viruses |
| Description:
|
Details
Billiard.2658
It is not a dangerous memory resident partly encrypted parasitic virus. When an infected program is executed, the virus decrypts its encrypted block of code by using INT 1 (tracing) tricks, hooks INT 9 (keyboard) and stays memory resident. On INT 9 calls the virus releases INT 9 and hooks 2Fh. On INT 2Fh calls the virus releases INT 2Fh and hooks INT 9 (as a result at any moment the virus hooks either INT 9 or INT 2Fh).
On INT 2Fh calls the virus also intercepts the INSTALLATION CHECK (AX=AE00h) command that is executed when a copy of COMMAND.COM processor is run, checks the command line, and if command line begins with "DIR" string the virus searches for .COM amd .EXE files and writes itself to the end of the file. While working DIR command the virus temporary hooks INT 21h and "decreases" the length of infected files when they are accessed by FindFirst/Next DOS functions.
On 31st of months the virus manifests itself by a video effect - it runs the symbols on the screen like playing billiard. |
Top Viruses Visited Pages:
Invader. - 233 visits
not-a-virus:RiskWare.Tool.RegPatch. - 70 visits
Worm.P2P.Harex. - 65 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 59 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 47 visits
Win16.Klon.1177 - 42 visits
Win32.Hidra - 42 visits
Marine.500 - 35 visits
Random Viruses Pages:
Shifter.98
Rom Famil
I-Worm.Unicl
Macro.Word97. Appder, Cap, Concept, Czech, Muck,
Nafigator.99
Win32.CTX.1085
MME-based viruse
Worm.Win32.Sasser.
BadCOM.55
I-Worm.Bagle.
|
|
