| Description:
|
Details
Dikshev.3529
It is not a dangerous nonmemory resident polymorphic parasitic virus. It searches for COM files in the current directory, then writes itself to the end of the file. The virus contains the text string:
Jedem das Seinem
The virus uses the EPO (Entry Point Obscuring) methods and in most of cases does not modify the file "entry address". To do that the virus scans the first Kb of victim file code, looks for first interrupt call INT 10h or INT 21h and replaces this instruction with Jump opcode to its polymorphic decryptor. In case there are no INT 10h,21h calls in the victim file, the virus infects it by the standard way and overwrites file header with JMP_Virus instruction. |
