Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Die_Hard2

This polymorphic, stealth, COM and EXE infector increases the length of infected file by 4000 bytes. When an infected file is executed the virus gets activated and it tunnels vectors of the interrupts INT 10h, INT 13h and INT 21h. It is not destructive but from time to time it exhibits its presence. On certain days, depending on the date, it sends to the equipment of standard error {usually the screen} and to AUX the following string:

SW Error

Depending on generation (must be higher than 15) and on the graphic card mode (mode 13h) the virus writes violet letters SW on the screen. It modifies the beginning of source texts in the assembler and pascal so that after compiling the program it displays on the screen two characters with ASCII codes 209 and 165 and terminates the program. That creates an impression that the source code is erroneous.
On files being manipulated in this way the virus implements the stealth technology. As a result the modification is not seen as long as the virus is active in memory.

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.