Details

AlphaVirus family

These are dangerous memory-resident, encrypted, parasitic viruses. They hook INT 21h and write themselves to the end of EXE files that are executed. They were named after text strings in their code:

“AlphaVirus.1121”: AlphaVirus [07]
“AlphaVirus.1555”: AV[07]

AlphaVirus.1121

This virus does not infect the anti-virus programs ADINF, AIDSTEST, and DRWEB. To avoid detection and disinfection by these anti-viruses, the virus deletes the DRWEB.INI file, displays a message in Russian and halts the computer when ADINF is executed. On the 31st, the virus overwrites PAS files with text in Russian.

AlphaVirus.1555

This virus also hooks INT 28h (DOS idle) and, upon such a call at 10:59:59, depending on random data, stuffs one of the following commands into the keyboard buffer:

deltree C: /Y
arj m temp *.*
format c:
defrag c: /F

The virus does not infect the programs AVP, RAR, DN, WEB, WIN, DRWEB, AIDSTEST, and ADINF. When the anti-viruses AVP, WEB, WIN, and DRWEB are executed, the virus removes itself from system memory (the virus then installs itself into memory again when any infected program is executed). When any .PAS file is opened, the virus overwrites it with text in Russian.

