Details
GK.7697

It is a dangerous memory resident highly polymorphic and stealth multipartite virus. It infects the MBR of the hard drive, boot sector of 1.4Mb floppy disks and writes itself to the end of COM and EXE files that are accessed. The virus uses its polymorphic and stealth abilities for boot sectors as well as for executable files. When ARJ, LHA or PKZIP archivers or CHKDSK utility is active, the virus temporary disables its stealth routines.
To intercept system events the virus hooks INT 13h, 21h, 29h. While installing memory resident and infecting the virus uses several tricks, patches DOS kernel and accesses undocumented internal DOS structures. The virus has bugs and in some cases halts the system while installing memory resident.
The virus infects the MBR of the hard drive only if an infected program is executed for the first time in DOS box under MS Windows. The virus hooks INT 13h and infects floppy disks only after booting from infected hard drive. While infecting the virus stores the original MBR code in second sector on the hard drive and original boot sector on extra formatted track (80th). The virus corrupts the Disk Partition Table in the MBR, so the hard drive will be not available after booting from clean system disk or after repairing with FDISK/MBR.
The virus contains the text:
Unknown (c) 1997 G.K. Poland

Related Posts

This entry was posted on Monday, October 30th, 2006 at 2:00 am and is filed under Virus Threats.