Description:
Details
LightNing.4251
This is a very dangerous memory-resident parasitic polymorphic virus. It hooks INT 13h and INT 21h and writes itself to the end of COM and EXE files when they are executed, opened or renamed, or when their attributes are accessed. The virus does not infect the anti-virus programs AIDSTEST, DRWEB, -V (formerly AVP), ADINF, SCAN and ANTI*.
When a .PAS file (Pascal source) is opened, the virus searches it for the string "BEGIN" and inserts a line of source code that either reboots the computer or halts it:
inline($b9/$02/$00/$e2/$fb);
inline($ea/$f0/$ff/$00/$f0);
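A source-level check for the two inserted lines quoted above, as an added example that is not part of the original description: it decodes every inline() statement in Pascal source text and flags the two byte sequences. The function names and the sample program are constructed for illustration.

```python
import re

# Byte sequences of the two inline() lines quoted in the description above.
KNOWN_PAYLOADS = {
    bytes.fromhex("b90200e2fb"): "halt: MOV CX,2 / LOOP back to the MOV (endless loop)",
    bytes.fromhex("eaf0ff00f0"): "reboot: JMP FAR F000:FFF0 (BIOS reset entry)",
}
# inline(...) statement; byte values are separated by '/', hex ($b9) or decimal.
INLINE_RE = re.compile(r"\binline\s*\(([^)]*)\)", re.IGNORECASE)

def decode_inline(args):
    """Convert inline() arguments to bytes; None if not plain byte constants."""
    out = bytearray()
    for item in args.split("/"):
        item = item.strip()
        try:
            value = int(item[1:], 16) if item.startswith("$") else int(item)
        except ValueError:
            return None  # identifier, size operator or empty field
        if not 0 <= value <= 0xFF:
            return None
        out.append(value)
    return bytes(out)

def scan_pascal_source(text):
    """Return (line_number, verdict) for each inline() holding a known payload."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in INLINE_RE.finditer(line):
            code = decode_inline(match.group(1))
            if code is None:
                continue
            for payload, verdict in KNOWN_PAYLOADS.items():
                if payload in code:
                    hits.append((lineno, verdict))
    return hits

# Constructed sample: a small program with one inserted line after BEGIN.
SAMPLE = """program Demo;
begin
  Inline( $B9 / $02 / $00 / $E2 / $FB );
  writeln('hello');
  inline($90/$90);
end.
"""

if __name__ == "__main__":
    for lineno, verdict in scan_pascal_source(SAMPLE):
        print(f"line {lineno}: {verdict}")
```

Matching on decoded bytes rather than on the literal text means differences in letter case, spacing or decimal notation in the inline() arguments do not hide a hit.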
By hooking INT 13h the virus encrypts the sectors that contain text data. The virus contains the text strings:
"LightNing" (c) 12.95 by ML, Krasnodar
MetaMorphic Generator (MMG) v1.0
AIDRWE-VADSCAN