| Description:
|
Details
Joshi.a
These are dangerous stealth viruses. They infect floppy disks Boot-sectors and hard disk MBR during an access to them (INT 13h, ah=2,3,4,0Ah,0Bh). The viruses include two parts - the first part contains the body of the virus and is placed onto the boot sector (or MBR) of the disk, the second part contains the original first sector of the infected disk and the other eight sectors of the virus, and occupies the 40th or 80th track of the floppy disk (the virus uses nonstandard format); on the hard disks the second part of the virus body begins from the second sector of the starting track. The viruses can destroy FAT when they save their own copy on the disk.
The viruses hook INT 21h. Just after starting (rebooting of the system) they permanently check the interrupt vector 21h, and if it is changed the viruses read the new value of the vector. The viruses hook INT 9h (keyboard). When the ALT-CTRL-DEL keys are used to boot the system, the viruses will emulate rebooting: clear the screen and so on. The viruses will stay resident even if you boot the system from a clean and write-protected floppy disk.
On the 5th of January the viruses will display the message "Type `Happy Birthday, Joshi'!" and will wait for the entering "Happy Birthday, Joshi!" from the keyboard. The viruses hook the INT 8, 9, 13h, 21h. |
