textfiles/virus/avcr-01.012

Distributed By Amateur Virus Creation & Research Group (AVCR)
-----------------------------------------------------------------------------
Name Of Virus: VLAMIX 1.0
-----------------------------------------------------------------------------
Alias:
-----------------------------------------------------------------------------
Type Of Code: Encrypted with Debugger Trap
-----------------------------------------------------------------------------
VSUM Information - (NONE)
-----------------------------------------------------------------------------
Antivirus Detection:
(1) ThunderByte Anti Virus (TBAV) reported Vlamix.EXE as "Possible Virus"
(2) Frisk Software's F-Protect (F-PROT) reported Vlamix.exe as nothing.
(3) McAfee Software's Anti Virus (SCAN.EXE) reported Vlamix.exe as nothing.
(4) MicroSoft Anti Virus (MSAV.EXE) reported Vlamix.exe as nothing.
-----------------------------------------------------------------------------
Execution Results:
On its first run, it hits 4 EXE files in the current directory and
disables them. Thunderbyte will run after it's hit, but it won't show
or tell you that it has been modified and/or infected. Upon the usual
sanity check it does, the system locks up. It is memory resident and
uses an undocumented DOS interrupt to check for itself in memory.
-----------------------------------------------------------------------------
Cleaning Recommendations: Delete Infected or TBAV (using Anti-Vir.dat..)
-----------------------------------------------------------------------------
Researcher's Notes:
Here's the Scan string to add to your scanner to catch this one....
06 1E 8C C8 8E D8 BF 28 00 A1 50 04 31 05
-----------------------------------------------------------------------------
Disassembly of the VLAMIX Virus
-----------------------------------------------------------------------------
Thunderbyte 6.26 can't properly ID or name this one, so just add
it to your scanner.
-The Weaz
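
How a scanner can apply the scan string from the Researcher's Notes, as an added example (not part of the original report or any AVCR tool): it reads a file in chunks and carries the last bytes of each chunk forward so a match that straddles a chunk boundary is not missed. The function names and the sample buffer are assumptions made for illustration.

```python
import io
import sys

# Scan string exactly as printed in the report.
VLAMIX_SCAN_STRING = "06 1E 8C C8 8E D8 BF 28 00 A1 50 04 31 05"


def parse_scan_string(text):
    """Convert a space-separated hex scan string to raw bytes."""
    return bytes.fromhex(text)


def find_signature(stream, signature, chunk_size=4096):
    """Return every offset in `stream` at which `signature` begins.

    The last len(signature) - 1 bytes of each window are carried into the
    next read, so a match split across two chunks is still found once.
    """
    if not signature:
        raise ValueError("empty signature")
    keep = len(signature) - 1
    hits, tail, base = [], b"", 0  # base = file offset of window[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return hits
        window = tail + chunk
        pos = window.find(signature)
        while pos != -1:
            hits.append(base + pos)
            pos = window.find(signature, pos + 1)
        tail = window[-keep:] if keep else b""
        base += len(window) - len(tail)


def scan_bytes(data, signature, chunk_size=4096):
    """Scan an in-memory buffer with the same chunked logic."""
    return find_signature(io.BytesIO(data), signature, chunk_size)


def constructed_sample():
    """Constructed test data (not a real infected file): filler bytes with the
    scan string at offset 10, so it straddles a 16-byte chunk boundary."""
    return b"\x90" * 10 + parse_scan_string(VLAMIX_SCAN_STRING) + b"\x00" * 20


if __name__ == "__main__":
    sig = parse_scan_string(VLAMIX_SCAN_STRING)
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for offset in find_signature(fh, sig):
                print(f"{path}: scan string found at offset 0x{offset:X}")
```

Run it with one or more file paths as arguments to list the offsets where the scan string occurs.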