Main Menu
Home
Bookmark
Contact Us

Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially Dangerous Tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 


 
Starshi Viruses Information

Name: Starshi
Category: Viruses
Description: Details
Starship

This is a memory resident and not dangerous stealth polymorphic virus. It infects only newly created COM- and EXE-files on the A: and B: drives. The virus also infects MBR of the hard disk if an infected file is started. As a result of this policy the virus stays resident in memory and can be moved to other computers with the minimum of the infected objects. So it is more difficult to find the virus. There is one more reason to use such a policy: when only newly created files are infected there is no need to control the DOS fatal errors (INT 24h).
The virus infects files in a standard way using the polymorphic mechanism. To infect a disk the virus puts itself into the last sectors of it, replaces the active boot sector address in the Partition Table with its own starting address. During an access to MBR or to the last sectors the virus uses stealth mechanism.
The virus infects the memory during rebooting from an infected disk. It places some part of its TSR copy into the interrupt vectors table (0000:02C0) and into BIOS Data Area (0000:04B0); the main part of the code is placed into the video RAM (BB00:0050). When the operating system is loaded the virus looks for other programs. If some program has been swapped from the memory (Exit - INT 20h, INT 21h and ah=0 or 4Ch) the virus moves from the video RAM to the place of the program. If a program remains resident (Keep - INT 27h, INT 21 and ah= 31h) the virus "attaches" its code to the program body. The virus recovers its main part in the video RAM if this part has been corrupted, and does this from the disk.
Depending on the internal counters the virus "beeps" using Morse code and shows "stars" on the screen. It contains the string ">STARSHIP_1<". The virus hooks INT 13h, 20h, 21h, 27h.



Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits

Random Viruses Pages:
Kranty.25
Macro.Word.Hikma
FastKiller.48
Brasi
Macro.Excel97 Laroux, Legend, Robocop, Tjoro, Yoh
PZ Famil
Topa.245
Script.In
Easy.200.
Hungry.63


 

© 2006-2008 spyware32.com - Privacy Policy