Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Happy_End

This is a parasitic, 3075>resident and 3069>encrypted COM and EXE infector. It infects files when they are executed. The virus identifies files that have already been attacked by means of the byte sequence 00FF00 if they are COM files, and by a mark in the check sum of the file header if they are EXE files. In the memory the virus identifies itself by means of calling the interrupt INT 21h with the number ABCDh in register AX, to which it responds by number 1978h in register BX if it is resident in memory. Strings at the end of the virus body suggest that the virus is of Slovak origin:

disrict Bratislava country Slovakei Compiled:A86
When executed from May 19th to May 23rd it writes:
Decryption Defence... This is Happy End Please turn off your computer.

Right after the message the virus reformats the beginning of the disk. In addition to the above mentioned strings there is the following text in the virus body:

Ešte sa stretneme...

(Meaning: We will meet again…)

© 1992-2004 ESET s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.