Andry.290

Name:
Andry.290
Info:
Details Andry.2900 It is a dangerous memory resident parasitic virus. It hooks INT 9, 21h and writes itself to the end of COM and EXE files that are executed. After infecting a file the virus attempts to infect the COMMAND.COM file in the root directory on the current disk. The virus has errors and infects files two and more times. It also installs itself in the memory so many times as infected programs are executed. As a result in some time DOS memory will be occupied by virus copy and the system will not load any application. By hooking INT 9 (keyboard) the virus depending “eats” each 100th keystroke. On March 1st the virus displays the message: +—————————————————————-+ | xxxxx xxx xx xxxxx xxxxxx xx xx | | xx xx xx x xx xx x xx xx xx xx | | xxxxxxx xx x xx xx xx xxxxxx xx | | xx xx xx x xx xx x xx xx xx | | xx xx xx xxx xxxxx xx xx xx | | | | xxxxx xx xx xxxxxx xx xxxxx xxxxxxxx xx xxxxx xxx xx | | xx xx xx xx xx xx xx xx xx xx xx xx x xx | | xx xxxxxxx xxxxxx xx xxxxx xx xx xxxxxxx xx x xx | | xx xx xx xx xx xx xx xx xx xx xx xx x xx | | xxxxx xx xx xx xx xx xxxxx xx xx xx xx xx xxx | +—————————————————————-+ The virus then waits for March 2nd and displays: ANDRY CHRISTIAN VIRUS WILL BE –> ACTIVE NEXT YEAR ! The virus also contains the text string: ~INA (ž) 1997 Hackware Technology Research~

Leave a Reply

Your email address will not be published. Required fields are marked *