| Alias: | |
| Strain: | - |
| detected when: | |
| where: | |
| Classification: | COM-infector |
| Length: | 651 |
Preconditions | |
| Operating System(s): | MS-DOS |
| Version/Release: | All models |
| Computer model(s): | PC's |
| Caroname: | FGT |
Attributes | |
| Easy identification: | |
Type of Infection: | The virus overwrites the beginning of the file, appending the overwritten part after the end of the file. Selfrec on disk: File[0..4] == "PSQRV" (push ax,bx,cx,dx,si) |
| Infection Technique: | |
| Infection Trigger: | (1 file in current directory and 1 file from the PATH)Filesize%64k < 63849 |
| Storage Media affected: | |
| Interrupts hooked: | 24 |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | - |
| Encoding Method: | |
| Damage: | Transient: Invalidate CMOS config (write 0FFh to byte 0Eh) Permanent: - |
| Damage Trigger: | Transient: ([0F000:FFFEh] == 0FCh or == 0FAh or <= 0F8h) &&Year >= 1992 && Random(1:8) Permanent: - |
| Particularities: | The virus is not memory resident. The Int24 handler ensures that repeated attempts are not made on adrive that returns a critical error. |
| Similarities: | |
Agents | |
| Countermeasures: | |
| Standard means: | |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, FRG |
| Classification by: | Adam David, Frisk Software International |
| Documentation by: | Adam David, Frisk Software International |
| Date: | 28.7.93 |
| Information Source: | Caroentry (autom.converter by S.Freitag) |
(c) 1996 Virus-Test-Center, University of Hamburg