| Description:
|
Details
SeeYou family
These are very dangerous memory resident partly encrypted boot viruses, stealth. They infect the boot sector of C: drive as well as boot sector of floppy disks. While loading from infected disk they reserve a block of memory by decreasing the size of DOS memory (the word at the address 0000:0413), copy themselves to that block, hook INT 13h, wait for DOS loading process, hook INT 21h and on first execution of DOS program (usually - COMMAND.COM) they allocate a block of DOS memory, copy themselves to there and restore the original size of DOS memory. As a result they hide themselves between DOS kernel and resident copy of COMMAND.COM.
Depending on the system date they erase disk sectors and displays one of the messages:
See you later all
Happy birthday, Populizer ! |
