Virus.BAT.Hot2Trot

Class Virus
Platform BAT
Description

Technical Details


It is a dangerous nonmemory resident parasitic BAT virus. It searches for
.BAT files in the current and parent directories, then writes itself to the
end of the file. The virus uses an infecting way similar to parasitic COM
infectors – it writes its code to the end of the file and inserts
GoTo_Virus command to the file header:


+—————+
�@echo off � Jmp-to-virus commands
+——�goto HotToTrot3�
�+—->�:To �
�� +—————� Original BAT file commands
�� �… �
�� �… �
�� �… �
�� +—————�
��+—-�goto Trot3 � Jump to return-to-DOS command
��� +—————�
+—–>�:HotToTrot3 � Main virus code
�� �… �
�� �… �
+—–�goto To � Return to host program
+—>�Trot3: � Return to DOS
+—————+

While infecting a file the virus accesses DOS functions (INT 21h). To do
that it creates and runs two temporary COM files – saves their hexadecimal
dump to disk and converts it to binary file by using DEBUG (if there are no
DEBUG in PATH, the virus may corrupt the files while infecting them).