Details
BootExe.Stalker.310

This is memory-resident harmless virus which hooks INT 13h and hits MBR of hard drive. After infection of hard drive the computer hands. After loading from infected hard drive the virus starts to infect EXE files.
EXE files are infected in quite an original way: the virus analyzes the information read from the disk (INT 13h). If in the sector read from the disk there is an EXE file header (the first two bytes are ‘MZ’ and some conditions are also met) the virus writes itself into empty space in this header and saves the modified sector on the disk. It means: a) an infected file has the same length; b) no necessity to handle file attributes and time of its creation and fatal errors (INT 24h). The virus doesn’t manifest itself in any observable way.
It contains the encrypted string:
*Stalker*

Related Posts

This entry was posted on Tuesday, July 25th, 2006 at 6:00 am and is filed under Virus Threats.