informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/virus/DOCUMENTATION/marauder.txt

54 lines
2.3 KiB
Plaintext
Raw Blame History

Marauder Virus
By Hellraiser
of Phalcon/Skism
Aliases: Deadpool-B, 808-B, 860.
Marauder is a non-overwriting, non-resident, encrypting, semi-mutating,
.COM file infector.
When a file is infected with the Marauder Virus the virus will search
the current path for a .COM file and infect it, adding 860 bytes to the
files size. If no .COM files reside in the current directory, the
virus will go up one directory and check for .COM files to infect until
it reaches the root. At the root directory the virus will scan for
other directorys to find .COM files, until one uninfected .COM file is
found. If no .COM files are found on the disk the virus will terminate
it search and return to the currently running program.
If an infected file is run on Feburary second of any year, the virus
will destroys all files in the current directory, by overwritting them
with message code. The files will not run when executed, just terminate
upon reading the first line. There is no way to recover the files once
the virus destroys them. After this, control will be given back to the
host program.
The Maruder virus is able to infect any .COM file no matter what
attribute... Hidden, System, Read-Only, etc... The files date, time, and
attribute will not be changed after a file becomes infected.
The virus will not cause a system error if run on a write-protected
floppy or fixed-disk, merely terminate any attempt of infection.
The virus will not infect files under 16 bytes or over 64,675 bytes.
For the most part the virus is randomly encrypted with each passing
infection, the small part of the program code which is not encrypted
mutates between two different, but comaptable strains of bytes.
There is no way of detecting the virus infections other than the
addition of 860 bytes to infected files, in other words, system-run time
is not affected at all. If any run-time is affected it is the one
second it takes for the virus to find and infect a file.
The virus causes no damage to disk sectors or boot records etc... The
only damage is the destuction of all files in the current directory on
02/02/XX.
Thanks to: Shade of Sorrow, Dark Angel, and Demogorgon... And all other
active members in Phalcon/Skism.
Hellraiser 1992
I'm back...
Reference in New Issue View Git Blame Copy Permalink