Details Apo.2108

This is a very dangerous memory-resident, encrypted parasitic virus. It hooks INT 21h and writes itself to the beginning of .COM files and to the end of .EXE files that are executed. While infecting a file, the virus renames it to X$X$$X$X.$X$, infects it, and then renames it back to its original name.

While infecting .EXE files, the virus corrects several fields in the EXE header: it increases the length of the EXE header to cover the original contents of the file. As a result, the original file body is defined as the EXE header, and when such a file is loaded into memory, DOS loads only the virus body. The virus then opens the host file, restores the fields in the EXE header, executes the host file, and then writes the “infected” fields back to the EXE header.

The virus also hooks INT 1Ch and, some time after installation, erases disk sectors. The virus contains bugs and in some cases halts the computer. The virus contains the encrypted text string: ApoVir
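The EXE header change described above can be checked for statically by comparing the header size declared in the MZ header with the space the relocation table actually needs. The Python sketch below is an added example, not part of the original description; the function names, the 4096-byte slack threshold and the sample files are constructed assumptions.

```python
import struct

PARA, PAGE = 16, 512  # MZ header units: 16-byte paragraphs, 512-byte pages

def mz_layout(data):
    """Return (header_bytes, load_bytes, needed_header_bytes) for an MZ file."""
    if len(data) < 0x1C or data[:2] not in (b"MZ", b"ZM"):
        raise ValueError("not an MZ executable")
    # e_cblp: bytes on last page, e_cp: pages, e_crlc: relocation count,
    # e_cparhdr: header size in paragraphs
    e_cblp, e_cp, e_crlc, e_cparhdr = struct.unpack_from("<4H", data, 2)
    (e_lfarlc,) = struct.unpack_from("<H", data, 0x18)  # relocation table offset
    image_end = e_cp * PAGE - ((PAGE - e_cblp) if e_cblp else 0)
    header = e_cparhdr * PARA
    # A header only has to hold the fixed fields plus 4 bytes per relocation.
    needed = max(0x1C, e_lfarlc + 4 * e_crlc) if e_crlc else 0x1C
    return header, max(image_end - header, 0), needed

def oversized_header(data, slack_limit=4096):
    """Heuristic: the header is far larger than its relocation table needs
    and is larger than the code DOS will load (assumed threshold)."""
    header, load, needed = mz_layout(data)
    return (header - needed) > slack_limit and header > load

def make_mz(header_paras, load_len, relocs=0):
    """Build a constructed MZ file for testing (no real code inside)."""
    total = header_paras * PARA + load_len
    e_cp, e_cblp = -(-total // PAGE), total % PAGE
    hdr = struct.pack("<2s13H", b"MZ", e_cblp, e_cp, relocs, header_paras,
                      0, 0xFFFF, 0, 0x100, 0, 0, 0, 0x1C, 0)
    return hdr.ljust(header_paras * PARA, b"\0") + b"\x90" * load_len

if __name__ == "__main__":
    samples = {
        "ordinary 512-byte header": make_mz(32, 20000),
        "large but justified reloc table": make_mz(600, 20000, relocs=2300),
        "header covering the file body": make_mz(1280, 2048),
    }
    for name, blob in samples.items():
        print(f"{name}: layout={mz_layout(blob)} flagged={oversized_header(blob)}")
```

A flagged file is only a candidate for closer inspection, since some packers and overlays also produce unusual header sizes.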
