Details

ACG.a

This is a family of parasitic DOS viruses. Several versions are known: memory-resident and non-memory-resident, infecting COM and/or EXE files. All of them write themselves to the end of the file and modify the file header. The memory-resident viruses hook INT 21h and infect files that are opened; the non-memory-resident versions search for files in the current directory.

The viruses use a highly complex polymorphic engine that rebuilds the virus code. In different infected files, different assembler instructions, or even sets of instructions, are used to perform the same operation. The engine also mixes blocks of virus code and data, inserts junk instructions, inserts random data, and so on. The virus also changes the data offsets in its assembler instructions, constants and so on. As a result, the virus is not 100% encrypted, but it has no constant parts of code, and even the length of the virus changes.

Once installed in memory, the memory-resident versions of the virus no longer change the virus code, and all their replications have a constant set of instructions. After a reboot the virus installs itself into memory, generates a new set of instructions and infects files with this new set.

The viruses contain the text:

Internal compiler error! LUCKY B.R.D 1994-99
