Shadow Family
These are very dangerous memory-resident, parasitic, encrypted viruses. They hook INT 21h and write themselves to the end of COM and EXE files that are executed or loaded as overlays. “Shadow.1702” also intercepts the FindFirst/FindNext DOS calls (used by the DIR command) and infects the files that are listed.
The viruses (except “Shadow.1702”) have an error in the infection routine, and as a result infected COM files are not recoverable. These viruses also overwrite the ‘*BBS*.*’ files. “Shadow.1702” writes a trojan program into those files; that program “clears” the screen by using VGA tricks and halts the PC.
The viruses contain the text strings:
“Shadow.1185, 1200”: [Shadow] NecroSoft Enterprises-a division of BCA
Greets to SKISM
“Shadow.1702”: [Shadow-B/2] NecroSoft Enterprises - a division of BCA
Greets to SKISM