| Description:
|
Details
Lifeform.2101
It is a very dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are closed (i.e. the virus infects files that are copied, modified or scanned). On debugging or opening an infected file the virus disinfects it (stealth). On accessing infected files length the virus decreases it; when the F-PROT anti-virus or the ARJ, RAR, PKZIP, LHA, BACKUP utilities are run, the virus disables this stealth routine.
The virus also fools the AVPLITE and F-PROT anti-virus programs. When AVPLITE is run, the virus adds the "disable heuristic scanning" to the end of command line. When F-PROT reads data from files to scan them for viruses, the virus fills data buffer with garbage. The virus also deletes the anti-virus data files: ANTI-VIR.DAT, CHKLIST.MS, SMARTCHK.CPS, AVP.CRC, IVB.NTZ, CHKLIST.TAV. Under debugger the virus corrupts the CMOS checksum field and halts the computer. On May 23th the virus erases the data on the hard drive, corrupts the CMOS and displays the message:
-- [LifeForm] coded by ThE_WiZArD (1998) --
Cooler than a body on ice, Hotter than a rollin`dice
Wilder than a drunken fight all You`re gonna burn tonight
The virus also contains the text strings:
#ThE_WiZArD
Quo vadis Fridrik? ... and you Frans still working on this shit. |
