| Description:
|
Details
VPK.1430
It is a dangerous memory resident encrypted parasitic virus. The virus leaves its TSR copy in both DOS and Video memory, hooks INT 10h, 21h, 4Ah and returns control to the host file. INT 10h, 21h point to virus code in the Video memory, INT 4Ah (Alarm Clock) points to DOS memory.
INT 21h hook is used to intercept the files - the virus writes itself to the end of COM files that are executed. INT 10h, 4Ah hooks are used to disable/restore virus TSR copy in video memory. On several INT 10h calls the virus releases INT 10h, 21h (disables its Video TSR copy), on INT 4Ah calls the virus restores its Video TSR code and hooks.
The virus patches the MBR code with a program that in some rebooting corrupts the MBR data. Depending on its counters the virus manifest itself with a video effect, displays the message:
<< Russian killer! >>
The virus also contains a text in Russian. |
