Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically


This is a polymorphic, direct action COM infector. The virus generates decryptors similar to Washburn viruses (V2P*). The difference is that this is a two-phase decryptor. The author of this virus wrote the source text to SAC BBS. In the documentation added to the virus it is said that the author “was inspired by Mr. One Half”. The author made a mistake because One_Half does not have a two-phase decryptor. He most probably meant the last virus by Vývojár -EMM:Level_3 . The 1569 bytes long virus attacks COM files in the current directory. It attacks only files with length between 1000 and 41000 bytes, and that ensures that COMMAND.COM will not be infected. During infection the virus creates temporary file with name README.DOC. In the coded virus body there are the following texts:

Copyright(c)1995 by KockaSOFT Ja som primitivny program, ale co ty?
(Meaning: “I am a primitive program but what about you?”)

According to the author, desperate searching for the error in the code caused that he decided to work off by means of viruses Trivial.83 and Trivial.43.

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.