3no

Name:
3no
Info:
Details 3nop It’s a dangerous memory resident multipartite stealth virus. On loading from infected floppy it writes itself into MBR of hard drive. Then it hooks INT 13h (as loading from infected HD) and checks the functions of disk reading and writing. On reading from floppy, it infects the boot sector of the floppy, on writing on the floppy the virus checks first three bytes of data buffer. If there is JMP opcode (E9h), the virus overwrites 200h bytes of this buffer by virus’ code. So the virus can insert itself into the executable file beginning or middle. On execution of this file the virus infects MBR of hard drive and returns to DOS. These files are not recoverable and should be deleted.

Leave a Reply

Your email address will not be published. Required fields are marked *