| Alias: | Screen Trasher |
| Strain: | |
| detected when: | September 1991 |
| where: | Germany |
| Classification: | Program (appending) virus, resident |
| Length: | 1,000 Bytes |
Preconditions | |
| Operating System(s): | MS-DOS |
| Version/Release: | 1.xx upward |
| Computer model(s): | IBM - PC, XT, AT, upward and compatibles |
| Caroname: | Semtex.1000 |
Attributes | |
| Easy identification: | Infected files will contain the string: " S E M T E X by Dusan Toman, CZECHOSLOVAKIA" " (7)213-040 or (804)212-23 " |
Type of Infection: | All *.COM that are executed or opened will be infected if their length <= 61,000 Bytes. COMMAND.COM will also be infected; there is explicit code in the virus that exploits the comspec. |
| Infection Technique: | |
| Infection Trigger: | All *.COM files with length <= 61,000 Bytes. |
| Storage Media affected: | |
| Interrupts hooked: | INT 08 (hooked); INT 10, INT 21 (used); INT 61 (occupied) |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | At an hourly intervall, virus will trash screen contents by overwriting with garbage. |
| Damage Trigger: | A Counter that counts the timer tics. |
| Particularities: | 1) This virus does not intercept INT 24, so a write error will occur upon each infection attempt. 2) Windows 3.0 will not like what virus does to the memory allocation. 3) INT 61 usage will render the following pro- ducts inoperative: Atari Portfolio (system management) HP 95LX System (system management) JPI topspeed modula (procedure exit trap) FTP PC/TCP (function calls) Adaptec and Omti controller Banyan Vines (network) Sangoma CCIP (CCPOP3270) |
| Similarities: | --- |
Agents | |
| Countermeasures: | |
| Standard means: | |
Acknowledgements | |
| Location: | Micro-BIT Virus Center, Univ Karlsruhe, Germany |
| Classification by: | Christoph Fischer |
| Documentation by: | Christoph Fischer |
| Date: | 31-January-1992 |
| Information Source: | |
(c) 1996 Virus-Test-Center, University of Hamburg