Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically


Basic characteristic of this family of viruses is that they can spread only when the page is viewed “offline“. That means you can get infected only from a page stored on a disk but not from a page in Internet. With standard security setting in the viewer warning about running a script is displayed and you are required to confirm its execution. When it is run the infecting routine is activated in random way with probability 1 to six. The virus goes through directories towards the root directory and searches for files with extension “htm“ and “html“. The virus checks whether the found HTML document has already been infected by presence of the following string in the first line:

<html> <!--1nternal-->

If the file has not been infected the virus locates itself into the beginning of the file and writes the following string into the status line of the viewer:

HTML.Prepend /1nternal

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.