home *** CD-ROM | disk | FTP | other *** search
/ ProfitPress Mega CDROM2 …eeware (MSDOS)(1992)(Eng) / ProfitPress-MegaCDROM2.B6I / UTILITY / VIRUS / PCV4RPT.ZIP / VBASIC.RPT < prev    next >
Encoding:
Text File  |  1991-05-09  |  3.9 KB  |  94 lines
  1.  
  2.              *********************************************
  3.              ***   Reports collected and collated by   ***
  4.              ***            PC-Virus Index             ***
  5.              ***      with full acknowledgements       ***
  6.              ***            to the authors             ***
  7.              *********************************************
  8.  
  9.  
  10. ====== Computer Virus Catalog 1.2: "5120" Virus (5-June-1990) =======
  11.  
  12. Entry.................. "5120" virus
  13. Alias(es).............. ---
  14. Strain................. ---
  15. Detected: when......... January 1990
  16.           where........ Wuerzburg, West Germany
  17. Classification......... Program virus
  18. Length of Virus........ 5120-5135 for EXE and COM files (virus resides
  19.                              on a paragraph boundery)
  20.  
  21. ---------------------- Preconditions---------------------------------
  22. Operating System(s).... MS-DOS
  23. Version/Release........ 2.00 and upwards
  24. Computer models........ IBM PCs and compatibles
  25.  
  26. ------------------------ Attributes----------------------------------
  27.  
  28. Easy identification.... The following texts are contained in the
  29.                         virus:  "BASRUN", "BRUN", "IBMBIO.COM",
  30.                         "IBMDOS.COM", "COMMAND.COM", "Access denied"
  31.  
  32. Type of infection...... Program virus. The virus infects in direct
  33.                         action (ie. it only infects on run time), by
  34.                         searching through the directories recursively
  35.                         starting on paths "C:\", "F:\" as well as the
  36.                         current drive an EXE and a COM file to infect.
  37.                         It will infect all files it can find.
  38.  
  39.                         EXE files will be infected if the length as
  40.                         reported by DOS is less that the file length
  41.                         as reported by the EXE header plus one page.
  42.                         COM files will be infected if the file length
  43.                         is less than 60400 bytes.
  44.  
  45.                         The virus turns Ctrl-C checking and verify
  46.                         off while in operation.
  47.  
  48. Infection trigger...... The virus will infect any time it is executed
  49.                         after the 6th of July 1989. However, if an
  50.                         infected file will infect before this date, if
  51.                         it has already been executed once. It doesn't
  52.                         load itself memory resident.
  53.  
  54. Media affected......... Any logical drive
  55.  
  56. Interrupts hooked...... ---
  57.  
  58. Damage................. Any infected file will terminate with the
  59.                         message "Access denied" (this comes from the
  60.                         virus, not from DOS). The file is NOT deleted
  61.                         in any way.
  62.  
  63. Damage trigger......... Any date after the 1st of June 1992
  64.  
  65. Particularities........ It seems to be written in a HLL, but I haven't
  66.                         found out which.
  67.  
  68. Similarities........... ---
  69.  
  70. --------------------------- Agents------------------------------------
  71. Countermeasures........ ---
  72.  
  73.  - ditto - successful.. Most checksumming programs will find this
  74.                         virus.  The program NTI5120 (Virus Test
  75.                         Center) will find and destroy any 5120 virus
  76.                         found.
  77.  
  78. Standard Means......... Do a string search for any of the strings
  79.                         mentioned above.
  80.  
  81. ---------------------- Acknowledgements-------------------------------
  82. Location............... Virus Test Center, University of Hamburg
  83. Classification by...... Morton Swimmer
  84. Documentation by....... Morton Swimmer
  85. Date................... 5-June-1990
  86. Information source..... ---
  87.  
  88. ===================== End of "5120" Virus ===========================
  89.  
  90.  
  91.   ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  92.   ++++++++++++++++++++++++++ end of reports ++++++++++++++++++++++++
  93.   ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  94.