Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically


Cruel.A, Cruel.B, Cruel.C

These are a bit unusual boot viruses. They write only a 29 bytes long leader into the boot sector (thus causing an optically inconspicuous change). The original contents of this area are moved to the end of the body. The body itself is located at the end of the root directory. The viruses reserve 2 kilobytes below the top of memory; to do so they decrease the BIOS variable RAMTOP on the address 0:413h. The viruses hook the interrupt 13h. In their body they contain a visible, uncoded string:

Cruel.B: “CRUELv2”
Cruel.C: “CRUE(L)v3”

Name of the viruses was derived from this string. In addition to the fact that their cunning performance at infecting may cause destruction of the boot sector, on the 8th in a month, exactly on the 47th minute, they erase the most important areas of the CMOS memory.

This is a multi-partite virus. It hooks the interrupt INT 12h and in addition it infects COM files by writing itself to their end.

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.