Details
Estier.2126

This is a very dangerous, memory resident parasitic stealth virus. It hooks INT 21h, and writes itself to the end of COM and EXE files that are executed or closed. Upon opening an infected file, the virus disinfects it. The virus does not infect anti-viruses: TBAV, TBSCAN, NAV, VSAFE, F-PROT, and SCAN.
When the TBSCAN anti-virus is executed, the virus appends, to the end of the command line, the option “co” and hooks INT 1Ch. By hooking INT 1Ch, the virus looks for the string “DOS OWN” in the code of TBSCAN, and pathes it. The virus also searches for TBDRV anti-virus and patches it too.
On July 17 and 28, September 7 and on any day at 14:10, the virus erases the C: drive sectors and displays the following message:
ESTIERCOL! - Paraguay

Related Posts

This entry was posted on Tuesday, October 10th, 2006 at 3:00 pm and is filed under Virus Threats.