Details ADI.1431 These are dangerous memory resident encrypted parasitic viruses. They write themselves to the end of COM files. While infecting a file the viruses encrypt not only its code, but whole contents of the file. The viruses have bugs and may halt the system while infecting a file. When an infected file is executed, the virus decrypts itself, hooks INT 22h (DOS Terminate call), returns control to the host program, waits for termination call, then hooks INT 8, 1Ch, 21h, 24h. Timer interrupts (INT 8, 1Ch) are used by the virus to disable tracing and debugging. INT 21h is used to intercept access to COM files. The viruses use several levels of anti-debugging tricks, they also contain the text string: (c) Beast. Advanced Disk Infector. [ADinf v1.5]

Leave a Reply

Your email address will not be published. Required fields are marked *