Details
Torero.1427

These are dangerous memory resident parasitic viruses. They hook INT 13h, 21h and write themselves to the end of .COM files that are opened.
To recognize already infected files the viruses set 7th bit of file attributes (this bit means “shareable” for network) and check that bit before infecting files. The viruses do not save in their code the original bytes from COM file header, but write them to the reserved fields of file’s directory entry. Both these methods may corrupt the files while copying or accessing them.
If the viruses cannot get original COM header bytes from directory entry to restore the host program, they display the message and return to DOS:
This program requires Microsoft Windows.

The viruses also contain the text strings:
[Torero Ç:-) by Mister Sandman/29A]

Related Posts

This entry was posted on Friday, March 28th, 2008 at 11:50 am and is filed under Virus Threats.