| Alias: | Tea Time |
| Strain: | 10_Past_3 strain |
| detected when: | |
| where: | |
| Classification: | COM-infector |
| Length: | 748 |
Preconditions | |
| Operating System(s): | MS-DOS |
| Version/Release: | None |
| Computer model(s): | PC's |
| Caroname: | 10_Past_3.748 |
Attributes | |
| Easy identification: | |
Type of Infection: | The virus appends itself to the files Selfrec in memory: mem[1ACh..1AFh] = 46h 42h 06h 22h Selfrec on disk: file[lastbyte-1..lastbyte] = 06h 22h |
| Infection Technique: | |
| Infection Trigger: | Exec and (4<=LengthCOM<=64496) |
| Storage Media affected: | |
| Interrupts hooked: | 21h/4Bh |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Transient: Reboot during INT 21h; Transient: tamper with interrupt vectors so as to hang PC; Transient: install new kbd handler which affects Shft & Ctrl states. Permanent: None |
| Damage Trigger: | Transient: year>=1991 and day=22 then reboot Transient: year>=1991 and day=29 then trash INT 13h;year>=1991 and day= 1 then trash INT 9h;year>=1991 and day=10 then trash INT Dh;year>=1991 and day=16 then trash INT 10h. Transient: 15h10<=time<=15h13 then if INT 21h occurs theninstall keyboard handler which sets Shft & Ctrl statesrandomly on about 1 in 11 keystrokes. Permanent: None |
| Particularities: | None Displayed text: None Not displayed text: None Reported in South Africa; purportedly written bya person with the pseudonym Marvin Giskard. |
| Similarities: | 10_Past_3.789 |
Agents | |
| Countermeasures: | |
| Standard means: | |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, FRG |
| Classification by: | Paul Ducklin |
| Documentation by: | Paul Ducklin |
| Date: | 1993-01-11 |
| Information Source: | Caroentry (autom.converter by S.Freitag) |
(c) 1996 Virus-Test-Center, University of Hamburg