Hi Brendan!
18-Jun-97 16:25:46, Brendan Lambourne wrote to All
Subject: No-Frills Virus
BL> I have just finished cleanning the no-frills virus off my computer.
BL> I just want to know what this virus does.
BL> Can anyone supply information as to what this virus does, so that I can
BL> understand this virus better.
Here ya go m8:-
Name
No_Frills
Type Memory resident file virus.
Affects COM and EXE files.
File Growth See Variants
Description No_Frills infects COM and EXE files when they are
executed, opened or copied. The 1358 variant infects
COM files only.
The virus intercepts INT_21 functions 3D (Open), 43
(Get Attribute), 4B (Execute), 6C (Extended Open; not
used by .1358). It checks for itself in memory by
issuing a call, AX=5432/INT_21h; the correct response
is AX=1005 (.813, .815, .843), AX=1006, (.950), AX=1007
(.835, .840), AX=1301 (.1358).
No_Frills does not infect files starting with SC (for
example, SCAN.EXE).
Files are misinfected quite frequently by the No_Frills
viruses.
This family of viruses is related to X-Fungus.
The following strings are found in these viruses:
813: +-No Frills by Harry McBungus-+
815a: +-No Frills 1.01 by Harry McBungus-+
815b: +-No Frills by Harry McBungus-+
835: +-NF3.0-H.McB-[PuKE]-+
840: no strings
843: +-No Frills 2.0 by Harry McBungus-+
950: +-K-Lame Kreation by Harry McBungus-+
1358: Kcat 3.01 ñ 5% - By Sir Twist & Thunderbird,
with Many Thankz to Harry McBungus whose code we
politely nicked.
Variants
813, 815ab, 835, 840, 843, 950, 1358.
All the best!
Kane Guy E-mail: kaneguy@cableinet.co.uk
--- Terminate 4.00
---------------
* Origin: Terminate + SmartNote + Internet = Simply the best! (2:440/601.16)
|