Details
YCTC family

These are very dangerous memory resident parasitic viruses. They hook INT 21h, 2Fh. INT 2Fh hook is used for stealth. INT 21h hook is used for infection – the viruses write themselves to the end of COM and EXE files that are executed or opened. They do not infect files with names that start with:
“YCTC.1729″: COMMAND IBM ET PC TB CKVI KLVI DEVI BTOOL
RTOOL TDISK SCAN CLEAN HUNT F- TR G
“YCTC.1975″: COMMAND LIU2 EMM386 JEAN RAR VTHUNT VTSCAN

“YCTC.1729″ uses anti-debugging tricks. It deletes the files with names that start with ‘Z’ letter, or if directory name starts with ‘Z’, then it displays the message:
You have a Y.C.T.C.Virusall Ha! Ha! Ha! Ha!
== Written by Y.C.T.C.student 1995. ==
=== I am y.c.t.c. student written… ===

“YCTC.1975″ corrupts the files while infecting them (i.e. it is “intended” virus). Depending on the system date it deletes the files, displays the messages in Chinese and English:
Hello !! I am a cute virus baby.
You can call me [ YCTC ] virus..
Come on,to go to study YCTC school !!
Written by Jean 1995.08.01.
Happy birthday to my dear !!
Written by Jean 1995.08.01.

Related Posts

This entry was posted on Thursday, September 11th, 2008 at 3:50 am and is filed under Virus Threats.