Details
DJIFX.2372

This is a very dangerous memory resident parasitic virus. It hooks INT 5, 9, 17, 1Ch, and 21h, and writes itself to the end of COM and EXE files that are executed, opened, renamed or accessed by a Get/Set File Attribute DOS call. Before and after infecting a file, the virus writes the data of a random size to the end of the file. The virus checks the file name, and does not infect these files:
DRWEB.EXE AIDSTEST.EXE COMMAND.COM

On Fridays, when Alt-Ctrl-Del keys are pressed, the virus displays the following message, and the text starting from “Phone:” is encrypted:
+————————————————+
¦ DJ[I]-FX, Ver. 0.53., (c) 1996 by ___ ¦
¦ Just call my name and I’ll be backall ¦
¦ Password: (D&I) Enigma: (Phone: 1.6687.746498) ¦
+————————————————+

Depending on the system timer, the virus overwrites the files with a program instead of infecting them. That program displays the same message.
On Mondays, depending on the system timer, the virus plays the Yankee Doodle tune, the same as the “Yankee” viruses do.
While printing digits, the virus inverses them (0<->9, 1<->8,…). When the INT 5 (print screen) call is performed, the virus reboots the computer. The virus has bugs and may halt the system.

Related Posts

This entry was posted on Monday, September 25th, 2006 at 8:00 pm and is filed under Virus Threats.