| Description:
|
Details
GGM Family
These are not dangerous memory resident parasitic viruses. They hook INT 8, 21h and write themselves to the end of .EXE files. As the first the "GGM.936" virus infect the C:DOSSMARTDRV.EXE file. Then that virus infects the files that are executed. That virus checks the file name, compares the name beginning (two letters) with the string:
sctbclf-fp
and does not infect the anti-viruses SCAN, TB*, CLEAN, F-PROT and FPROT.
"GGM.898" infects only one file - C:TESTTESTTESTTESTTEST.EXE, and seems to be a test virus.
By hooking INT 8 the viruses checks the text that is typed and echoed on the screen. When the string "givegodmode" is entered, the virus adds the string "65535". When "iamtheboss" is entered, the virus puts to the keyboard buffer: "ctty com". When the string "checkboxports" is entered, the virus writes some data to the COM1 port. |
