Details
StoneHeart.1490

It is a very dangerous memory resident polymorphic parasitic virus. It hooks INT 21h and writes itself to the end of EXE files that are executed, opened, or accessed by Get/Set File Attribute DOS call. The virus does not infect anti-viruses AIDSTEST, AVP, SCAN, WEB,all according to the string (three letters per name): “AIDAVPPROSCAEXTWEB”. While infecting a file the virus also encrypts a block of file code/data, before return control to the host program the virus decrypts this block.
While installing memory resident the virus deletes files in root directories on all disks, a file is to be deleted only if seventh letter of its name is the same as disk letter - C:??????C?.*, D:??????D?.*, e.t.c.
The virus contains the text strings:
:\*.*
StoneHeart II
EMME Small 1.1

Related Posts

This entry was posted on Wednesday, February 27th, 2008 at 6:50 pm and is filed under Virus Threats.