| Description:
|
Details
Pojer.4028
This is a benign memory resident polymorphic and stealth parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. While opening or creating a file, the virus stores the file handle, and infects that file while closing. While opening, the virus also disinfects the infected files. The virus checks the file names, and does not infect the following files:
ASTA.EXE
F-PROT.EXE
DEFRAG.EXE
NDD.EXE
CPAV.EXE
MSAV.EXE
SCANDISK.EXE
CHKDSK.EXE
VSAFE.COM
UCOM.COM
UEXE.EXE
GUARD.EXE
GUARD.COM
TNTVIRUS.EXE
CLEAN.EXE
SCAN.EXE
VSHIELD.EXE
VSHIELD1.EXE
NETSCAN.EXE
IBMBIO.COM
IBMDOS.COM
CHKAVAST.COM
STROJ_F.EXE
STROJ_P.EXE
STROJ_S.EXE
KRNL286.EXE
KRNL386.EXE
On November 17th and February 6th, the virus beeps on the PC speakers, and then decrypts and displays the following message:
** BRAIN2 v2.00beta - upgrade from POJER **
BETA tester, thank you,
.. have a nice day in cyberspace all
This crazy program is (c) 12/93 by SB
In January, November, and September, on odd days, the virus also hooks INT 1Ch, and places a blinking '_' char in the upper left corner of the screen.
The virus also contains the following text string:
Kernel1.41 |
