Details
Ignorance
It is a harmless, memory-resident, multipartite, encrypted virus. When loaded from an infected floppy disk or MBR, it hooks INT 13h, waits for DOS to load, and then hooks INT 21h. When an infected file is executed, the virus infects the MBR of the hard drive, then hooks INT 13h and INT 21h. Through the INT 13h hook it implements a stealth algorithm for reads of the infected MBR, and it also uses INT 13h to infect floppy boot sectors. Through the INT 21h hook it writes itself to the end of COM, EXE and SYS files that are accessed. The virus contains the text strings:
Ignorance is Strength
Freedom is Slavery
War is Peace
COMEXEBINOVLSYSSCCLVSF-
[1984] bY [TäLöN< >NûK_] '93! THiS iZ iNFeCTi0N #00000032!
Greetz RS/NuKE!
where "#00000032" is the virus generation number; that value may differ between infected files and sectors. "COMEXESYSBINOVL" is the string of file name extensions that are "infectable". "SCCLVSF-" is the string of anti-virus software names (two bytes per name: SCAN.EXE, CLEAN.EXE, etc.). While these files are executing, the virus disables some branches of its semi-stealth algorithm.
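An analyst's triage helper for the strings described above, added here as an example and not taken from the original description or from any scanner. It assumes a buffer in which the virus body is already decrypted, that the generation field is eight digits, and that an anti-virus name is matched on its first two characters; the function names and the sample buffer are constructed for illustration.

```python
import re

# ASCII strings quoted in the description; the packed table is used in the
# order it appears in the string listing.
TABLE = b"COMEXEBINOVLSYSSCCLVSF-"
GEN_RE = re.compile(rb"iNFeCTi0N #([0-9A-Fa-f]{8})!")  # assumption: 8 digits
EXT_COUNT = 5  # five extensions of three bytes each


def split_table(table=TABLE):
    """Split the packed table into 3-byte extensions and 2-byte AV prefixes."""
    cut = EXT_COUNT * 3
    exts = [table[i:i + 3].decode("ascii") for i in range(0, cut, 3)]
    rest = table[cut:]
    if len(rest) % 2:
        raise ValueError("AV prefix table has odd length")
    prefixes = [rest[i:i + 2].decode("ascii") for i in range(0, len(rest), 2)]
    return exts, prefixes


def classify(filename, exts, prefixes):
    """Return (extension is in the infectable list, name matches an AV prefix)."""
    base = filename.upper().rsplit("\\", 1)[-1]  # drop any DOS directory part
    stem, dot, ext = base.rpartition(".")
    if not dot:                                  # name without an extension
        stem, ext = ext, ""
    return ext in exts, any(stem.startswith(p) for p in prefixes)


def triage(buf):
    """Locate the marker strings in a decrypted buffer; None if table absent."""
    off = buf.find(TABLE)
    if off < 0:
        return None
    m = GEN_RE.search(buf)
    exts, prefixes = split_table(buf[off:off + len(TABLE)])
    return {"table_offset": off,
            "generation_field": m.group(1).decode("ascii") if m else None,
            "extensions": exts, "av_prefixes": prefixes}


# Constructed sample buffer (not a real dump): padding, table, marker string.
SAMPLE = b"\x00" * 16 + TABLE + b"[1984] '93! THiS iZ iNFeCTi0N #00000032!"

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(classify("SCAN.EXE", *split_table()))
```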