Threat Encyclopedia



This is a simple parasitic COM infector, 686 bytes long. Despite its simplicity, the virus has several interesting features. The first is a built-in mechanism for defeating anti-virus programs that store information about files in a database and then use that information to remove the virus from an infected file. The mechanism is ingeniously simple. When infecting a program, the virus writes two bytes at offset 729h and stores the original contents. When it has finished its work, the virus puts the original contents back in place and only then passes control to the program. The “generic snapper” cannot be prepared for this. A more intelligent one discreetly reports that the virus cannot be removed. In the worse case, it reports that the virus was removed, but the program is not in its original shape and most probably does not work.

The virus contains a destructive routine that is activated on October 8th. On that day the virus writes the text “Monika”, enclosed by two hearts, on the screen. Even more unpleasant, the virus overwrites the whole disk with the same string, which means irretrievable data loss.

The virus identifies itself by calling INT 21H with register AX=0DC28h, which returns the value 1973h if the virus is already in memory. The virus infects files longer than 1834 bytes and shorter than 64842 bytes. Its destructive routine does not work on DOS versions older than 3.30 or on PC-XT.
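The following added example (not part of the original entry and not any vendor's code) models the database-based removal described above and shows why the repair must be verified against a stored checksum before success is reported. The record layout (length, first 32 bytes, CRC-32), the function names and the inert filler bytes are assumptions; only offset 729h and the 686-byte length come from the description.

```python
import zlib
from dataclasses import dataclass

PATCH_OFFSET = 0x729  # offset named in the description above
BODY_LEN = 686        # appended length, from the description
HEAD_LEN = 32         # assumption: the database keeps the first 32 bytes

@dataclass
class Record:
    length: int
    head: bytes
    crc: int

def snapshot(clean: bytes) -> Record:
    """What a file-database tool might store for a known-good file."""
    return Record(len(clean), clean[:HEAD_LEN], zlib.crc32(clean))

def constructed_modified_copy(clean: bytes) -> bytes:
    """Constructed test input made of inert filler bytes, no real code."""
    data = bytearray(clean)
    data[0:3] = b"\xAA\xAA\xAA"  # assumption: a change the stored head covers
    data[PATCH_OFFSET:PATCH_OFFSET + 2] = b"\xBB\xBB"  # the two extra bytes
    return bytes(data) + b"\xCC" * BODY_LEN

def generic_repair(modified: bytes, rec: Record):
    """Restore the stored head, cut back to the stored length, then verify."""
    repaired = rec.head + modified[HEAD_LEN:rec.length]
    verified = len(repaired) == rec.length and zlib.crc32(repaired) == rec.crc
    return repaired, verified

def residual_offsets(a: bytes, b: bytes):
    """Offsets at which two equally long images still differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

# Constructed 2000-byte stand-in for a clean COM file.
CLEAN = bytes((i * 7 + 3) % 251 for i in range(2000))

if __name__ == "__main__":
    rec = snapshot(CLEAN)
    repaired, ok = generic_repair(constructed_modified_copy(CLEAN), rec)
    print("repair verified:", ok)
    print("still differs at:", [hex(i) for i in residual_offsets(repaired, CLEAN)])
```

Offset 729h is byte 1833, so the two patched bytes only fit in files longer than 1834 bytes, which matches the lower size limit given above. A tool that skips the final checksum comparison would report a successful removal for a file that is still altered.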

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.