Re: TMC.4839 virus

Author: de_Almasy (krakusy_at_icpnet.pl)
Date: Tue 04 Apr 2000 - 16:07:52 MET DST


> Hello!
> A buddy of mine has the above-mentioned virus. What can this virus do? The mks site has no
> description of this critter.

It is a harmless memory resident partly encrypted parasitic virus. It hooks
INT 21h and writes itself to the end of COM and EXE files that are accessed.
The virus infects the files on floppy disks only. The virus checks the file
names and does not infect the files: NO*.*, WE*.*, TB*.*, AV*.*, F-*.*,
SC*.*, CL*.*, CO*.*, WI*.*, KR*.*.
The virus uses an uncommon polymorphic engine - each time the virus installs
itself into memory it mixes blocks of its code and data and inserts
random data. The virus also changes data offsets in its assembler
instructions, constants and so on. As a result, the virus is not 100%
encrypted, but it has no constant parts of code and even the length of the virus
changes.

Once installed in memory, the virus does not change its code anymore,
and all its replications have a constant set of instructions. After a reboot the
virus installs itself into memory, generates a new set of instructions
and infects files with this new set.

The virus contains the text:

 * TMC 1.0 by Ender *
 Welcome to the Tiny Mutation Compiler!
 Dis is level 6*9.
 Greetings to virus makers: Dark Avenger, Vyvojar, SVL, Hell Angel
 Personal greetings: K. K., Dark Punisher

That's as much as I managed to find in AVP
regards
de_Almasy

--
************************************************************
              de_Almasy
   krakus29_at_go2.pl krakus29_at_kki.net.pl
            ICQ: 64539267
************************************************************


This archive was generated by hypermail 2.1.7 : Tue 18 May 2004 - 19:58:32 MET DST