Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Sibylle

Sibylle.853, Sibylle.858

These are two slightly different memory resident EXE infectors. The viruses hook the interrupts INT 21h and INT 2Fh which are used for identification of the virus in memory. Files are attacked when they are executed. If an infected file is executed at the time when seconds of the system time equal zero the viruses will overwrite AUTOEXEC.BAT by the following text:

@echo off :b echo Looking for Sibylle... goto b

This modified file will at the next DOS loading write the following text in an infinite cycle:

Looking for Sibylle...


Sibylle.1200

This is an encrypted, memory resident EXE infector. If the virus is resident in memory the files are attacked when executed. If the virus cannot open a file it will try to rename it to AZTECH.INC and attack this renamed file. When an infected file is executed internal reader and system time are tested. Depending on the test result a random directory together with its contents may but does not have to be deleted. In the virus body there is the following text:

FUCKING CRACKER - DIE !!! (P) 1992 BY AZTECH.INC

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.