| Description:
|
Details
Samara.1536
It is not a dangerous memory resident multipartite polymorphic virus. When an infected file is executed, the virus affects the MBR of the hard drive, then hooks INT 21h and writes itself to the end of COM and EXE files (except COMMAND.COM) that are accessed. The virus cancels anti-virus programs execution: AVPLITE, AIDSTEST, AVP, DRWEB, SCAN.
On loading from infected MBR the virus hooks INT 13h, waits for DOS loading process and hooks INT 21h. On loading from infected floppy disk the virus also infects the hard drive MBR.
While infecting the MBR and boot sectors the virus does not stores their original contents. To continue loading under infected environment the virus reads and executes the first sector on the C: drive. This sector usually contains standard OS loading routine. |
