Threat Encyclopedia


Drepo

This virus appeared in the area of North Slovakia. The virus code suggests that it was written by an experienced author. Drepo is a parasitic, resident, stealth infector of EXE files and COMMAND.COM. The effective length of its body is 2461 bytes. It stands out for its unusual technique of infecting COMMAND.COM. Using direct disk access, the virus renames the file to COMMAND.LOM with the appropriate attributes, and then writes a decryptor into the space after the first jump. It writes its own encrypted body into the zero area. Then, by a direct write, it changes the extension back to COM. The aim of this operation is evidently to avoid monitors and some heuristic analyzers. The virus infects files that are compressed with the RAR and ARJ programs. This strategy is very convenient and enables the virus to spread without being noticed. During July and August of 1996 and of the following years, the virus activates a routine that, at random moments, simulates a failure of the space key. This routine may (but does not have to) also be activated outside that period. The most interesting thing about this virus is the encoded text:

Pod na jedno DREPO!Shareware version.Do not forget to register!

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.