Selected viruses, spyware, and other threats: sorted alphabetically
This is a resident, polymorphic COM infector. It does not attack COMMAND.COM. When an infected file is executed the virus becomes memory resident below the 640 KB boundary and hooks the interrupt INT 21h vector. When an appropriate COM file is executes the virus attacks it. The way of infecting files was unique at the time of the virus origin. From a file it reads a 4096 bytes long area, starting at any position and writes it to the end of the file. Into the “protected” area formed in this way the virus writes its body. After that the virus generates small fragments of code to various positions in the infected file. It saves the original contents of locations where the virus code fragment is located. The first fragment is at the beginning of the file and it gives over the control to another fragment. Individual fragments are interconnected by instructions JMP, CALL, RET, RET word. The last fragment gives the control over to the virus code. The author of this virus is widely known under the nickname Dark Avenger and he comes from Bulgaria. He is the author of several viruses which served from the technical point of view as an inspiration for other authors of viruses.
© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.