|
|
BAT.Hot2Tro Viruses Information
| Name: |
BAT.Hot2Tro |
| Category: |
Viruses |
| Description:
|
Details
BAT.Hot2Trot
It is a dangerous nonmemory resident parasitic BAT virus. It searches for .BAT files in the current and parent directories, then writes itself to the end of the file. The virus uses an infecting way similar to parasitic COM infectors - it writes its code to the end of the file and inserts GoTo_Virus command to the file header:
+---------------+
¦@echo off ¦ Jmp-to-virus commands
+------¦goto HotToTrot3¦
¦+---->¦:To ¦
¦¦ +---------------¦ Original BAT file commands
¦¦ ¦all ¦
¦¦ ¦... ¦
¦¦ ¦... ¦
¦¦ +---------------¦
¦¦+----¦goto Trot3 ¦ Jump to return-to-DOS command
¦¦¦ +---------------¦
+----->¦:HotToTrot3 ¦ Main virus code
¦¦ ¦... ¦
¦¦ ¦... ¦
+-----¦goto To ¦ Return to host program
+--->¦Trot3: ¦ Return to DOS
+---------------+
While infecting a file the virus accesses DOS functions (INT 21h). To do that it creates and runs two temporary COM files - saves their hexadecimal dump to disk and converts it to binary file by using DEBUG (if there are no DEBUG in PATH, the virus may corrupt the files while infecting them). |
Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits
Random Viruses Pages:
Demig.1635
Peace.206
Ohlala Famil
Aref.89
Tiso.84
July13 Famil
Izhevsk.347
RGB.54
Made Famil
Phx Famil
|
|
