Details
Crusade.3072

Crusade.3072 is a not dangerous memory resident multipartite stealth virus. While executing of infected file the virus traces INT 13h, infects MBR of the hard drive, then it hooks INT 21h and writes itself to the end of COM- and EXE-files that are accessed. The virus does not infect the file it the file name contains the symbols:
MM ID SC RG WE VI AD

While loading from infected MBR the virus also hooks INT 13h (stealth routine) and INT 1Ch (trigger routine). The trigger routine is executed in 5 hours after booting from infected hard drive. That routine decrypts and displays the message:
+——————–+
¦ LIVE `N` LET LIVE! ¦
+——————–+

The virus also contains the encrypted text string:
Take care of soft war or Last Crusade.

Related Posts

This entry was posted on Wednesday, August 16th, 2006 at 4:00 am and is filed under Virus Threats.