| Description:
|
Details
Wuhan.3289
It is a very dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files (except COMMAND.COM) that are executed. The virus also scans the current directory for COM and EXE files, and infects them all. On June 24th starting from 11am the virus manifest itself in a extremely dangerous way: it reads to its memory the MBR, disk C: boot and root sectors, erases them with garbage data and displays the message:
warning!all
NO RESET
your pc had been destory by me. follow me and I can restore it for you...
you are not honest,as a punish,give you the gift...
Today is my birthday !
say HAPPY BIRTHDAY to me...
The virus then waits for the text "HAPPY BIRTHDAY" (uppercase) and restores the erased sector to their original state. Otherwise it runs some video effect which is corrupted in virus sample that was received. As a result the computer halts, and the MBR, boot and root sectors stay corrupted.
The virus also contains the text string that used as the identificator when the virus installs itself memory resident:
UNIVERSITY WUHAN |
