Details
Strategy.486

It is a harmless nonmemory resident parasitic virus. It infects the system drivers (SYS files) only. The virus receives the control only when DOS is loading the system drivers that are listed in the CONFIG.SYS file, and only if an infected file is in the list of the system drivers. The virus gets the control, opens the CONFIG.SYS file, searches for “DEVICE=” string there (any-cased), and infects the file that is pointed by this string. Being executed the virus infects all drivers that are listed in the CONFIG.SYS.
While infecting a file the virus checks the file internal format and does not infect EXE drivers. Then the virus stores and modifies the address of Strategy routine and writes itself to the end of the file.
The virus does not manifest itself in any way. It contains the string
\CONFIG.SYS

and the name of the host file.

Related Posts

This entry was posted on Friday, February 29th, 2008 at 10:50 am and is filed under Virus Threats.