home *** CD-ROM | disk | FTP | other *** search
/ ProfitPress Mega CDROM2 …eeware (MSDOS)(1992)(Eng) / ProfitPress-MegaCDROM2.B6I / UTILITY / VIRUS / PCV4RPT.ZIP / OROPAX.RPT < prev    next >
Encoding:
Text File  |  1991-05-09  |  3.8 KB  |  91 lines
  1.  
  2.              *********************************************
  3.              ***   Reports collected and collated by   ***
  4.              ***            PC-Virus Index             ***
  5.              ***      with full acknowledgements       ***
  6.              ***            to the authors             ***
  7.              *********************************************
  8.  
  9.  
  10. ==== Computer Virus Catalog 1.2: OROPAX-Virus (July 15, 1989) =======
  11.  
  12. Entry...............: OROPAX Virus
  13. Alias(es)...........: Music Virus
  14. Virus Strain........: ---
  15. Virus detected when.: February 1989
  16. Classification......: Program Virus (extending), Direct Action,
  17.                       RAM-resident
  18. Length of Virus.....: COM-files: length increased by 2756-2806 Byte,
  19.                                  always divisable by 51.
  20.  
  21. -------------------- Preconditions ----------------------------------
  22.  
  23. Operating System(s).: MS-DOS
  24. Version/Release.....: 2.xx upward
  25. Computer model(s)...: IBM-PC, XT, AT and compatibles
  26.  
  27. -------------------- Attributes ------------------------------------
  28.  
  29. Easy Identification.: Typical texts in Virus body (readable with
  30.                       HexDump facilities):  "????????COM" and
  31.                       "COMMAND.COM"
  32.  
  33. Type of infection...: System: RAM-resident, infected if function 33E0h
  34.                          of interrupt 21h returns 33E0h in
  35.                          AX-register.  .COM File:  extending by using
  36.                          FindFirst/FindNext- function in the home
  37.                          directory until a COM File is encountered
  38.                          with a different Attribute than N or A.
  39.                          Files are only infected once.
  40.  
  41.                          The following .COM-files will not be
  42.                          infected:
  43.  
  44.                          - COMMAND.COM,
  45.                          - COM files with length divisible by 51,
  46.                          - COM file with an attribute other than N or
  47.                            A,
  48.                          - COM files longer than 61980 Bytes.
  49.  
  50.                          .EXE File:  no infection.
  51.  
  52. Infection Trigger...: When any of the following INT 21h functions:
  53.                          39h, 3Ah, 3Ch, 3D01h, 41h, 43h, 46h, 13h,
  54.                          16h, or 17h are called; these functions are
  55.                          also used by other resident DOS commands,
  56.                          e.g.  MD, RD, DEL, REN, and COPY.
  57.  
  58. Interrupts hooked...: INT08h, INT20h, INT21h, INT27h
  59.  
  60. Damage..............: Transient Damage: After 5 minutes, the virus
  61.                          will start to play three melodies repeatly
  62.                          with a 7 minute interval in between.  This
  63.                          can only be stopped with a reset.  OROPAX and
  64.                          earcaps can be used to avoid "music
  65.                          overload".
  66.  
  67. Damage Trigger......: Using a random number generator, the virus
  68.                          decides whether to become active.
  69.  
  70. --------------------- Agents ---------------------------------------
  71.  
  72. Countermeasures.....: Category 3: ANTIORO.EXE (VTC Hamburg)
  73.  
  74. Countermeasures successful: ANTIORO.EXE finds and restores infected
  75.                       programs (only for OROPAX).
  76.  
  77. Standard means......: notice .COM file length
  78.  
  79. -------------------- Acknowledgement --------------------------------
  80.  
  81. Location............: Virus Test Center, University Hamburg, FRG
  82. Classification by...: Thomas Lippke
  83. Documentation/Translation: Morton Swimmer
  84. Date................: July 15, 1989
  85.  
  86. ==================== End of OROPAX-Virus ===========================
  87.  
  88.   ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  89.   ++++++++++++++++++++++++++ end of reports ++++++++++++++++++++++++
  90.   ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  91.