textfiles/virus/avcr-01.009


Distributed By Amateur Virus Creation & Research Group (AVCR)
-----------------------------------------------------------------------------
Name Of Virus: Connie
-----------------------------------------------------------------------------
Alias: Connie.A (From TBAV 6.26)
-----------------------------------------------------------------------------
Type Of Code: Encrypted with Debugger Trap, Uses Dark Slayer's Mutation Eng.
-----------------------------------------------------------------------------
VSUM Information: (NONE)
-----------------------------------------------------------------------------
Antivirus Detection:
(1)
ThunderByte Anti Virus (TBAV) reported files as infected with Connie.A
(2)
Frisk Software's F-Protect (F-PROT) reported infected files as nothing.
(3)
McAfee Software's Anti Virus (SCAN.EXE) reported infected files as nothing.
(4)
Microsoft Anti Virus (MSAV.EXE) reported infected files as nothing.
-----------------------------------------------------------------------------
Execution Results:
On its first run, it hits COMMAND.COM immediately. It traces back to
find where the boot shell (COMMAND.COM) was loaded from, and then tries
to infect it. It does not change dates or times on infected files, but
you will notice an increase of 1761 bytes in each infected file. This
virus will only hit .COM files, and once executed, goes memory resident.
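
Because the date and time stay the same, only a size or content comparison
against a known-clean baseline shows the change. The following is an added
example, not part of the original report: it compares two file manifests and
flags .COM files that grew by exactly 1761 bytes with the timestamp preserved.
The manifest layout, helper names and sample data are assumptions made for
illustration.

```python
import hashlib
from dataclasses import dataclass

CONNIE_GROWTH = 1761  # size increase per infected file, as stated in the report

@dataclass(frozen=True)
class FileRecord:
    name: str
    size: int
    mtime: int      # directory timestamp; the report says infection leaves it unchanged
    sha256: str

def record(name, data, mtime):
    """Build a manifest entry from file contents (hypothetical helper)."""
    return FileRecord(name, len(data), mtime, hashlib.sha256(data).hexdigest())

def classify(baseline, current):
    """Compare a known-clean manifest with a later one; return {name: verdict}."""
    verdicts = {}
    for name, old in baseline.items():
        new = current.get(name)
        if new is None:
            verdicts[name] = "missing"
        elif new.sha256 == old.sha256:
            verdicts[name] = "unchanged"
        elif (name.upper().endswith(".COM") and new.mtime == old.mtime
              and new.size - old.size == CONNIE_GROWTH):
            verdicts[name] = "matches-connie-growth"
        elif new.mtime == old.mtime:
            verdicts[name] = "modified-timestamp-preserved"
        else:
            verdicts[name] = "modified"
    for name in current.keys() - baseline.keys():
        verdicts[name] = "new"
    return verdicts

def demo():
    """Constructed sample data: byte strings standing in for program images."""
    image = b"\x90" * 4000
    grown = image + b"\x00" * CONNIE_GROWTH
    baseline = {r.name: r for r in (
        record("COMMAND.COM", image, 100), record("FORMAT.COM", image, 100),
        record("EDIT.EXE", image, 100), record("MORE.COM", image, 100))}
    current = {r.name: r for r in (
        record("COMMAND.COM", grown, 100), record("FORMAT.COM", image, 100),
        record("EDIT.EXE", grown, 100), record("MORE.COM", image + b"\x01", 250))}
    return classify(baseline, current)

if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{name:12} {verdict}")
```

A match on size growth alone is a lead for further scanning, not a confirmed
identification; the baseline must come from media known to be clean.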
-----------------------------------------------------------------------------
Cleaning Recommendations: TBAV's TBCLEAN can easily remove it.
-----------------------------------------------------------------------------
Researcher's Notes:
Connie will hit all .COM files that are executed or copied. It will hit
the original file, and also the copied file as it is moved.
It hooks Ints 21, 30, ED, EE, F0, F5, F6, F9, and FD.
Connie sits in memory at location 09F240 - 09FFFF... (High as it can go)
-The W<>$ˆl-