| Description:
|
Details
TotalTrash.2169
These are harmless memory resident parasitic stealth viruses. They hook INT 21h and write themselves to the end of EXE files. The viruses do not infect the files in "standard" virus way - on executing, opening or closing, but do that only if a file is accessed by one of several file compressing or backup utilities such as PKZIP, LZEXE, LHA, RAR, ARJ, ZIP and so on (see the text string below). So, the viruses hide themselves - the files are infected only in archives, backup and if they are packed. To detect it anti-virus has to be able to scan inside of packed files and archives. Moreover, when an infected file is decompressed or extracted from an archive, the viruses run their stealth routines and the file looks as clean, if the virus is active in the system.
The viruses contain the text strings, the last one contains the list of utilities that trig virus to infect files:
[Total Trash] by Sepultura.
Immortal Riot/Genesis - Punishing Your Machine in '96
PK LL UC LZE LHA RAR ARJ ZIP TEL XCO BAC QMO MSBA CPBA |
