Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Desperado

This is a polymorphic, memory resident COM and EXE infector. When an infected file is executed the virus tests the DOS version. If it is 3.0 or higher it installs itself into memory. The virus hooks the interrupt INT 21h. It attacks files when they are executed, created and opened. The virus deactivates the resident protection Vsafe. It does not attack programs containing in their name any parts of the anti-virus programs names from the following string: “SCANCLEAVSHITOOLMSAVCPAVVSAFF-PRVIRSTBAVTBSCTBCLTBUT-V UTSCUT”. Further on the virus deletes files CHKLIST.MS. It contains the following encoded texts:

Dr.W-2 Dr.White - Sweden 1993SWV Desperado Virus - Written in Malmo...F02C

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.