Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

DR&ET

This 1710 bytes long virus is a polymorphic COM and EXE infector. It infects files by attaching itself to their end. Length of COM files is increased by 1710 bytes, and length of EXE files by 1710 to 1725 bytes. The virus contains a destructive routine which is activated always on the 13th day of a month with probability below 2 %. If the virus finds out that the interrupt INT 1 (single step) service, which enables stepping of the program, points at a different instruction than IRET (return from interrupt), the destructive code is implemented immediately. AS a result of the destruction the first 128 sectors on the first two hard disks (disks C: and D:) are overwritten. The virus is able to recognize files modified by the anti-virus program CPAV and attack then without causing alert. There are also other, only slightly different variants of this virus.

DR&ET.1710.b: At stepping the destructive code does not run.
DR&ET.1710.c: At detecting program modification which is going to be infected by the anti-virus program CPAV the computer “freezes”.
DR&ET.1710.d: A slight modification which should make detection of the virus more difficult.
DR&ET.1719.e: This variant attacks only files of COM type. Upon executing an EXE file infected by the virus the computer “freezes”.

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.