| Description:
|
Details
Kaliostro family
These are not dangerous memory resident partly encrypted parasitic viruses. They hook INT 21h and write themselves to the end of EXE files that are executed or opened. The "Kaliostro.2098" virus also infects a file that is pointed by "MAXIMUS=" string in the system environment. "Kaliostro.2098" does not infect the files: DRWEB.EXE, ADINF.EXE, DOS4GW.EXE.
The viruses also hook INT 14h (Serial Port I/O), intercept modem(?) input, wait for the "1259hackvgisnh" or "crack9db6n4mwd7" string (depending on the virus version), output via modem a message in Russian (it means "password ok") and then depending on modem input insert data into keyboard buffer: character "s", then Up or Down, then Enter.
The viruses also contain the text string:
òá òá òá all. I am Kaliostro 3.0 (c) Dred |
