Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically


It is 651 bytes long. Fgt is a dangerous non-resident COM infector. At the beginning, if it finds the computer type suitable (it tests a byte on the offset F000: FFFE, on 0FAh, 0F9h and on 0FCh) the virus generates an acceptable random number, sends value 0Eh to the port 70h and value 0FFh to the port 71 h (i.e. it overwrites the “diagnostic status byte” in CMOS to the value 0FFh). After that the virus overwrites the contents in PSP:86h. By means of that it receives in PSP:86h strings “*.COM”,0, “PATH=”. In the first directory, found through the DOS variable PATH, it infects everything what does not begin as the virus does (it tests coincidence of the first 5 bytes in the file) or does not have “MZ” at the beginning. When executing, the virus copies the starting part into PSP and jumps to it. The starting part will overwrite the virus by the original contents and renew registers.

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.