Res.287
Details
Res.2879
These are harmless, memory-resident, multipartite, encrypted stealth viruses. They hook INT 13h and INT 21h and write themselves to the end of COM and EXE files that are accessed. The viruses also infect the MBR of the hard drive and the boot sector of 1.4Mb floppy disks.
The viruses check file names and do not infect several anti-virus programs and archivers. They contain text strings; the first string holds the identification letters of the files that the viruses do not infect (two letters per name; the viruses check the last two letters of each name):
NFEBSTTERJIPHAAR
[RES] VVS
“Res.4258” also embeds itself in FIDO mail (.PKT files). To do so, the virus creates its dropper under the name LIFE.COM, converts it to ASCII data using the standard UUE method, and appends this data to the end of the victim message as a block of encoded data.
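The appended block gives a simple content check for message text. The following Python sketch is an added example, not part of the original entry: it finds uuencoded blocks in a message body and flags any whose header names LIFE.COM. It assumes the standard `begin <mode> <name>` ... `end` framing; the function names, the sample message and its payload are constructed for illustration.

```python
import binascii
import re

# Standard uuencode header: "begin <octal mode> <file name>"
BEGIN_RE = re.compile(rb"^begin [0-7]{3,4} (\S+)\s*$")

def find_uue_blocks(body: bytes):
    """Return [(file_name, decoded_bytes)] for each well-formed UUE block."""
    blocks, name, data = [], None, b""
    for line in body.splitlines():          # handles CR, LF and CRLF
        if name is None:
            m = BEGIN_RE.match(line)
            if m:
                name, data = m.group(1).decode("ascii", "replace"), b""
        elif line.strip() == b"end":
            blocks.append((name, data))
            name = None
        elif line.strip():
            try:
                data += binascii.a2b_uu(line)
            except binascii.Error:
                name = None                  # malformed line: not a real block
    return blocks

def flag_message(body: bytes, watch_names=("LIFE.COM",)):
    """File names of UUE blocks in body that are on the watch list."""
    return [n for n, _ in find_uue_blocks(body) if n.upper() in watch_names]

def make_uue(name: str, payload: bytes) -> bytes:
    """Build a UUE block for test input (45 payload bytes per line)."""
    lines = [b"begin 644 " + name.encode("ascii")]
    lines += [binascii.b2a_uu(payload[i:i + 45], backtick=True).rstrip(b"\n")
              for i in range(0, len(payload), 45)]
    return b"\r".join(lines + [b"`", b"end"])

# Constructed sample: ordinary message text followed by an appended block.
PAYLOAD = b"constructed placeholder bytes, not a real dropper. " * 3
SAMPLE = b"Hello All,\rsee you at the next meeting.\r" + make_uue("LIFE.COM", PAYLOAD)

if __name__ == "__main__":
    for name, data in find_uue_blocks(SAMPLE):
        status = "FLAGGED" if name.upper() == "LIFE.COM" else "ok"
        print(f"{status}: uuencoded attachment {name!r}, {len(data)} bytes")
```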