Details
WilliWonka.1088
It is a not-dangerous(?) memory-resident parasitic virus. It hooks INT 21h and appends itself to the end of EXE files when they are executed. The virus searches for the file PROTEZ.EXE in the current directory and hooks INT 1Ch if that file is found. The virus then checks video memory at address B800:0818, and if it holds a digit from 2 to 9, the virus patches the code in system memory at address 7000:0041.
The virus contains the encrypted text string:
WilliWonka