Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically


Avispa is a polymorphic EXE infector. When an infected file is executed the virus installs itself into memory and hooks interrupts vectors INT 21h and INT 13h. When a non-infected file is executed the virus checks whether the last two letters of its name are not 'AN','an','OT','ot','DL','dl'. It does not infect files like that. The virus checks whether the first two bytes of an EXE file are MZ. If so it will infect the file. In this way COM files may be damaged because the virus considers them for EXE files. There is the following text encrypted in the virus:

c:\dos\xcopy.exe c:\dos\mem.exe c:\dos\emm386.exe
Virus Avispa - Buenos Aires - Noviembre 1993
As well as another text string:
Virus Avispa
Republica Argentina
Elijah Baley
Noviembre 10 de 1993
This virus is not an old virus variant and it was written in Argentina by Elijah Baley

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.