| Alias: | |
| Strain: | - |
| detected when: | |
| where: | |
| Classification: | COM-infector |
| Length: | NONE |
Preconditions | |
| Operating System(s): | MS-DOS |
| Version/Release: | All models |
| Computer model(s): | PC's |
| Caroname: | VCL.Diogenes |
Attributes | |
| Easy identification: | |
Type of Infection: | The virus appends itself to the files Selfrec on disk: File[1] == (word) Filesize-849 |
| Infection Technique: | |
| Infection Trigger: | Filesize%64k < 0FBB1h |
| Storage Media affected: | |
| Interrupts hooked: | |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | the virus uses variable encryption with a variable decryptor, but the decryptor can be detected with a wildcard string. |
| Encoding Method: | |
| Damage: | Transient: - Permanent: 718 sectors of garbage written to drive C: with Int 26h,omitting the first sector on the drive. The garbage starts with the |
| Damage Trigger: | Transient: - Permanent: Day_of_Month == 31st |
| Particularities: | The virus is not memory resident. Displayed text: string, which is also written to the screen atthis time. Displayed text: "DIOGENES 2.0 has visited your hard drive.....This has been another fine product of the Lehigh Valley.Watch (out) for future 'upgrades'.The world's deceit has raped my soul. We melt the plasticpeople down, then we melt thier plastic town....."; Encrypted all .COM files along the PATH are considered in turn |
| Similarities: | |
Agents | |
| Countermeasures: | |
| Standard means: | |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, FRG |
| Classification by: | Adam David, Frisk Software International |
| Documentation by: | Adam David, Frisk Software International |
| Date: | 20.6.93 |
| Information Source: | Caroentry (autom.converter by S.Freitag) |
(c) 1996 Virus-Test-Center, University of Hamburg