|
|
Bog.233. Viruses Information
| Name: |
Bog.233. |
| Category: |
Viruses |
| Description:
|
Details
Bog.233.a
It's a harmless not memory resident parasitic virus. It searches for Windows EXE-files and infects DOS-part of them. It does it by quite interesting method. It uses the fact, that a lot of Windows EXE-files have a DOS part of code. That code is executed if the Windows EXE is started under DOS. Usually these DOS parts of code have the same format in different Windows EXE-files. These parts contain the warning message like "This program requires Microsoft Windows." and several assembler instructions that display this message and return the control to DOS. Usually these instructions are:
MOV AH,9
INT 21h ; display the message
MOV AX,4C01h
INT 21h ; return to DOS
This virus reads the first 80h bytes of the DOS executable code (below the EXE header) and checks it for "WIN" or "Win" string. If that string is found, the virus starts to search for the assembler instructions listed above. If that code is present, the virus writes into the file 233 bytes of own code from last INT 21h instruction:
MOV AH,9
INT 21h ; display the message
MOV AX,4C01h
CALL $+3 ; virus code starts here
On execution from MS-Windows infected files works as usually, on execution from DOS it displays standard Windows' warning message and then the virus starts to work.
The also virus contains the internal text string:
BOG (C) '93 by GROG - Italy |
Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits
Random Viruses Pages:
LG.
Volga Famil
Carbuncle.62
Worm.P2P.Surnova.
I-Worm.Supp
Macro.Visio.Unstabl
Kunsr.168.
WinScript.77
I-Worm.Stato
I-Worm.Bagle.a
|
|
