Details
Coup.2052.b

This is very dangerous memory resident multipartite virus. When an infected file is executed, the virus infects the MBR of the hard drive and then returns to DOS. While loading from infected MBR the virus cuts a block of the system memory, copies itself to there, hooks INT 13h, 1Ch and returns control to the original MBR code.
By hooking INT 13h the virus realizes a stealth routine while accessing to the infected MBR. By hooking INT 1Ch (timer) the virus waits for DOS loading process, hooks INT 21h and then writes itself to the end of .COM and .EXE files (except COMMAND.COM) that are executed. The virus checks the file names and corrupts several anti-virus scanners: SCAN, MSAV, PART*, CLEAN, VSAFE, TOOLKIT, GUARD, FINDVIRU. The virus overwrites them with a trojan program that displays the message:
If you are boy,go and play ball !!
Otherwise,Our “Blind Date” every day in “4-Bagh” at 6-9(pm).

Related Posts

This entry was posted on Friday, September 26th, 2008 at 9:15 pm and is filed under Virus Threats.