| Description:
|
Details
Mpei.4772
This is a relatively harmless memory resident encrypted parasitic virus. It hooks INT 21h, and writes itself to the end of COM and EXE files that are executed, created or opened. The virus uses anti-debugging tricks.
If Novell network is installed, the virus, depending on its counter, sends a message in Russian to all workstations in the net. On Fridays, this virus drops a program to the MBR of the hard drive that looks like a stealth boot virus, but without an infection routine, i.e., the code does all that other boot viruses do; installs itself into the memory, hooks INT 13h, and runs a stealth routine. The only exception in this code is that it does not contain an infection routine.
The virus contains the following text strings in Russian and English:
COMSPEC=
NAME: MPEI
Windows 95 MUST DIE !!!
Copyleft (c) Down'niloff Corp.,2000. All Lefts Preserved. |
