| Description:
|
Details
VCG
It is a family of DOS parasitic polymorphic viruses based on the so-called "VCG" polymorphic engine. There are several virus versions known: all they are nonmemory resident, search and infected COM files in the current directory, write themselves to the end or to the top of the file depending on the virus version. One of virus versions also writes the text "BELKA" to the infected files header. The viruses have bugs and often corrupt files while infecting them, or/and halt the computer.
The viruses use quite complex polymorphic engine that rebuild virus code each time the infection procedure is activated. In different infected files different assembler instructions or ever sets of instructions are used to do the same operations. The engine also mixes blocks of virus code, inserts junk instructions, etc. The virus also changes data offsets in its assembler instructions, constants and so on. As a result, the virus is not encrypted, but it has no constant parts of code and ever the length of virus is changed. |
