| Description:
|
Details
Mirror.4130
It is a harmless memory resident parasitic stealth polymorphic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are accessed. It contains the text strings:
[ Mirror: Bit Addict / TridenT ]
COMSPEC=
The virus uses very unusual way of infection. It realizes the "anti-stealth" technique, that virus is "reverse" one. While accessing to not infected files with any DOS command they appears as infected, but the virus does not infect them on disk. The virus substitutes the original body and length of not infected files with their infected form. While viewing by any editor these files are visible as containing the virus code, but these files are not infected in real. DIR command reports increased file lengths. The way to infect the files is to copy them to not COM/EXE extensions, or pack with any packer such as ZIP or ARJ. |
