| Description:
|
Details
Tupac.1308
It is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed. The virus is not encrypted, but uses quite complex way to hide its code. The code of its infection and installation routines is placed in virus code in reverse direction: next byte of virus code is placed not below, but above of current byte. Of course, disassemblers and debuggers cannot read that code, and processor cannot execute it. To fix it the virus hooks INT 1 (tracing) before calling installation and infection routines and temporary restores opcodes that are executed.
The virus contains the text:
The Tupac Amaru virus, dedicated to all the people of the MRTA who were
killed by Fujimori's troops after surrendering at the japanese embassy on
Lima, to all the people killed and tortured in his government, and finally
to all those who work for democracy and for a better world.
Wintermute/29A |
