Prevent Online Threats

Ida.149

Details
Ida.1490

It is a dangerous memory-resident parasitic polymorphic virus. It hooks INT 1Ch and INT 21h and writes itself to the end of COM files that are accessed. The virus's polymorphic engine is quite sophisticated: the decryption loop does not contain the decryption key in the clear. Instead, it tries to decrypt the virus code with different keys, calculates the CRC of the decrypted data, and passes control to the virus code if the CRC is correct. This engine has a bug, and in some cases the virus cannot decrypt itself and the system halts.
The virus looks for the text “VERA” on the screen and appends “I Veronika !”. The virus also contains the text:
[IDA] v0.01 Serg_Enigma
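
An added example (not code from the original page or from the virus itself): how an analysis tool can mirror the keyless scheme described above, trying keys until a CRC matches so that a signature scan can then find the embedded text. The repeating 16-bit XOR cipher, the use of CRC-32, and all sample bytes are assumptions constructed for illustration; the page does not specify the real cipher or CRC.

```python
import zlib

MARKER = b"[IDA] v0.01 Serg_Enigma"  # text the page says the virus contains

def xor16(data: bytes, key: int) -> bytes:
    """XOR data with a repeating 16-bit little-endian key (assumed toy cipher)."""
    n = len(data)
    stream = (key.to_bytes(2, "little") * (n // 2 + 1))[:n]
    mixed = int.from_bytes(data, "big") ^ int.from_bytes(stream, "big")
    return mixed.to_bytes(n, "big")

def recover_body(encrypted: bytes, expected_crc: int):
    """Try every 16-bit key; accept the first whose output matches the stored CRC.

    Returns (key, plaintext), or None when no candidate key passes the check.
    """
    for key in range(0x10000):
        candidate = xor16(encrypted, key)
        if zlib.crc32(candidate) == expected_crc:
            return key, candidate
    return None

def scan(encrypted: bytes, expected_crc: int) -> dict:
    """Compare a plain signature scan with a scan after CRC-guided recovery."""
    recovered = recover_body(encrypted, expected_crc)
    return {
        "marker_in_raw": MARKER in encrypted,
        "key": recovered[0] if recovered else None,
        "marker_after_recovery": bool(recovered) and MARKER in recovered[1],
    }

# Constructed sample: inert filler text plus the marker string, no real code.
SAMPLE_BODY = b"constructed filler bytes " + MARKER + b" end of sample"
SAMPLE_CRC = zlib.crc32(SAMPLE_BODY)
SAMPLE_KEY = 0xBEEF  # constructed key; only the CRC travels with the data
SAMPLE_ENCRYPTED = xor16(SAMPLE_BODY, SAMPLE_KEY)

if __name__ == "__main__":
    print(scan(SAMPLE_ENCRYPTED, SAMPLE_CRC))
    # A wrong stored CRC models a body that never passes its own check.
    print(scan(SAMPLE_ENCRYPTED, SAMPLE_CRC ^ 1))
```

The raw scan misses the marker because every byte is masked, which is why scanners need emulation or a recovery step like this one for keyless polymorphic bodies.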
