Virus.DOS.Strelka.2959
ฝัง
- เผยแพร่เมื่อ 12 ก.ย. 2024
- Another self-made research virus. This one is memory-resident (TSR). It infects both .COM and .EXE files, and features code encryption as well as some polymorphism (garbage instructions) in the decryptor routine. There are no special stealth routines, however, and the file size increase of 2,959 bytes is clearly visible. However, the virus avoids infecting files with certain file names, including COMMAND.COM.
There are six payloads (all date-triggered), which I show in a haphazard order:
0:00: Demonstrating file infection
0:46: January 2
All keystrokes have a small chance of changing the screen colors.
1:58: December 26
Random disk accesses are intercepted and made to fail or return corrupted results. This makes DOS go a bit crazy. You can get all kinds of weird errors or effects. The data on the disk isn't actually affected, unless you somehow make the OS do that.
2:56: April 12
Displays a full-screen logo inspired by 'Sad Mac'. Pressing a key clears the screen and lets you continue. The logo is supposed to have a low droning sound, but due to a recording issue this was not captured.
3:27: November 3
Messes with the CRTC registers; the screen begins to shake around uncontrollably.
4:34: October 4
The computer locks up into a psychedelic VGA effect.
5:12: August 20
Nothing at first, but Ctrl-Alt-Del is intercepted, and the virus plays a song and displays a message before resetting.
wow you're finally back
Excellent find.
oh this is very cool
'Promosm'