Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Delwin

These viruses are encrypted, multipartite and memory resident EXE infectors. If an infected file is executed the virus locates the original MBR contents to cylinder 0, side 0, sector 2. The three next sectors behind the original MBR contents are taken by the virus body. It does not install itself into memory upon loading from an infected file but when the system is loaded from an infected disk. The virus redirects the interrupts INT 13h and INT 21h service to itself. When an attempt is made to read from the MBR the virus conceals its presence in the system. It attacks files when they are executed, copied and opened. The virus marks them by setting seconds at the time of origin to the value of 62. It will not infect files containing in their name 'VI' and 'SC' strings and overlay files. Delwin.1759 is stealth not only in the MBR but also in files. The viruses contain encrypted texts.

Delwin.1199: GOBLIN
Delwin.1759: DELWIN

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.