|
Antiwin_II, famil Viruses Information
| Name: |
Antiwin_II, famil |
| Category: |
Viruses |
| Description:
|
Details
Antiwin_II, family
These are dangerous memory resident parasitic encrypted viruses. They trace INT 21h, hook INT 9, 21h, 2Fh and write themselves to the end of .EXE files that are executed. The viruses check the file names and do not infect several anti-virus and utilities according to the following string (four bytes per name):
DRWEAIDSMSCAANTIAVP WEB SCANMSAVVSAFGUARADINKRNLDOSXWSWADSWAWIN3
The viruses use on-the-fly encryption/decryption by hooking INT 1 (tracing), so their code is encrypted in the memory as well as in the files. The viruses have bugs and in some cases halt the computer while infecting files.
In some cases the viruses change the symbols that are entered (INT 9). On Windows initialization call INT 2Fh AX=1605h the viruses depending on the system time display the message and halt the computer:
Use registered copies of MS Windows
The viruses also contain the text:
Greetings from MrStrange, Kiev T.G.Shevchenko University
>Antiwin<, (c) by MrStrange.
The master copy of these viruses also contain the text:
MrStrange hails you from Kiev! My first virus |
Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 72 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win16.Klon.1177 - 42 visits
Win32.Hidra - 42 visits
Marine.500 - 35 visits
Random Viruses Pages:
Win95.Frone.86
Dennis.100
ATB.1522.
V.190
Trojan.Win32.KillAV.b
Pojer.191
CriCri.430
WinNT.Tent
Win95.Julus.189
Joke.Win32.DesktopPuzzl
|
