Prevent Online Threats

Unknown_II.555

Details
Unknown_II.5559

It is a harmless, memory-resident, polymorphic and stealth parasitic virus. When an infected file is executed, the virus decrypts itself, hooks INT 21h and 22h, and executes the host file. To hook INT 21h, the virus scans the DOS kernel, patches the INT 21h DOS handler with the bytes CDh 29h (an INT 29h call) and patches the INT 29h DOS handler with a “JMP FAR Virus” instruction.
The virus traces INT 13h, 21h and 40h, gets their original addresses and uses them while infecting files. The virus infects COM and EXE files (except IBMBIO.COM and IBMDOS.COM) that are accessed. While infecting, the virus writes itself to the end of files. On opening an infected file, the virus disinfects it.
The virus contains the text strings:
IBMBIO IBMDOS
Unknown 1.0
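
A detection sketch for the hook chain described above, added here as an example and not taken from the original entry: it inspects a 1 MiB real-mode memory image for an INT 21h handler that starts with CDh 29h and an INT 29h handler that starts with a far jump. It assumes both patches sit at the handler entry points referenced by the interrupt vector table; all addresses and bytes in the sample image are constructed.

```python
import struct

def read_vector(mem, intno):
    """Return (segment, offset) from the real-mode interrupt vector table."""
    off, seg = struct.unpack_from("<HH", mem, intno * 4)  # offset is stored first
    return seg, off

def linear(seg, off):
    """Convert segment:offset to a 20-bit linear address."""
    return ((seg << 4) + off) & 0xFFFFF

def check_hook(mem):
    """Report whether INT 21h -> INT 29h -> JMP FAR is present at the handler entries."""
    a21 = linear(*read_vector(mem, 0x21))
    a29 = linear(*read_vector(mem, 0x29))
    result = {"int21_patched": bytes(mem[a21:a21 + 2]) == b"\xCD\x29",
              "int29_far_jump": None}
    if mem[a29] == 0xEA:  # opcode of JMP FAR ptr16:16
        joff, jseg = struct.unpack_from("<HH", mem, a29 + 1)
        result["int29_far_jump"] = (jseg, joff)
    # Either patch alone is weak evidence; the pair matches the description.
    result["suspicious"] = (result["int21_patched"]
                            and result["int29_far_jump"] is not None)
    return result

def build_sample(patched):
    """Constructed test image; vectors and handler bytes are made up."""
    mem = bytearray(0x100000)
    struct.pack_into("<HH", mem, 0x21 * 4, 0x40F8, 0x0019)  # INT 21h -> 0019:40F8
    struct.pack_into("<HH", mem, 0x29 * 4, 0x0762, 0x0070)  # INT 29h -> 0070:0762
    a21, a29 = linear(0x0019, 0x40F8), linear(0x0070, 0x0762)
    if patched:
        mem[a21:a21 + 2] = b"\xCD\x29"                      # INT 29h call
        mem[a29:a29 + 5] = b"\xEA" + struct.pack("<HH", 0x0100, 0x9F00)
    else:
        mem[a21:a21 + 3] = b"\xFA\x80\xFC"                  # CLI / CMP AH,..
        mem[a29:a29 + 2] = b"\x50\x56"                      # PUSH AX / PUSH SI
    return mem

if __name__ == "__main__":
    for label, image in (("clean", build_sample(False)),
                         ("patched", build_sample(True))):
        print(label, check_hook(image))
```

The far-jump target reported for INT 29h is the segment:offset to examine next in the image when the check fires.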
