Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically


Fichv.896, Fichv.903

This is an encrypted COM infector. It uses not very typical method of infecting files: it writes itself to the beginning of a file and moves the original contents to the end of the file. The virus locates itself in memory and hooks the interrupt INT 21h. When a file is executed or opened the virus tries to infect it. It marks the infected files by setting the value of seconds at the time of file origin to a nonsensical value of 62. The virus infects a file under the condition that its length is more than 1500 bytes and that it is not COMMAND.COM. Because of the used technology of spreading the virus the infection is very fast. In March the virus overwrites parts of the current disk by the following text:

*****FICHV 2.0 vous a eu*****

The 903 bytes long variant contains minor differences. The displayed text is modified so that the text FICHV is followed by the number 2.1

Unlike the previous versions this virus attacks EXE files. A minor difference is also in the text string.

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.