Details
Velocet.2000

This is a very dangerous memory resident encrypted parasitic virus. It hooks INT 21h, and infects .EXE files that are executed. While infecting files, the virus encrypts its code and writes itself to the end of the file as overlay data - the virus does not modify the Module Length fields in the EXE header, and, as a result, the main virus code is placed out of actual EXE image. To gain control, the virus writes a 68-byte program to the middle of the EXE file, and sets the EXE Entry Point address to that program. When an infected file is executed, this program takes control, reads the virus code from the host file and executes it.
Starting from generation 8, 256 successfully infected files or on January 19th, the virus erases FAT on the hard drive, decrypts and displays the following message:
Velocet. By Dogorall

Related Posts

This entry was posted on Friday, May 30th, 2008 at 3:50 am and is filed under Virus Threats.