Details
BackFormat.1855

These are dangerous memory resident parasitic viruses. “BackFormat.2354,” are encrypted ones. Upon execution, they hit the COMMAND.COM file, and the length of the COMMAND.COM file doesn’t increase. This virus uses the “Lehigh” virus algorithm. Then they hook INT 21h, (”BackFormat.2000″ hooks INT 13h also), and write themselves to the end of COM- and EXE-files. They infect newly created files on a floppy only and write themselves upon file closing. Upon infection of a COM-file, the virus checks the first instruction of it. If this instruction is not JMP (E9h), the virus infects the file in a standard manner: it writes itself to the end of the file and overwrites the beginning of the file with a “JMP Virus” instruction. If the first byte is JMP, the virus overwrites the instruction to where the first JMP points.
These viruses contain the internal text string “:\command.com”.
“BackFormat.2000″ depending upon generation number and system date, this version changes the system tables upon floppy disk formatting. The sectors are formatted in reverse order: from the 9th to the first (for 360k floppies). If this floppy is not 360K, the disk will not be accessible.
“BackFormat.2435″ sometimes corrupts data upon it being saved on a disk.

Related Posts

This entry was posted on Wednesday, July 12th, 2006 at 12:00 pm and is filed under Virus Threats.