Class | Virus |
Platform | DOS |
Description |
Technical DetailsIt is a very dangerous resident virus. It affects .EXE-files in the current disk directory, where a file is being run from or opened in. An infected file is being searched by the FindFirst and FindNext functions and not necessarily coincides with a file being opened or executed. On infecting, “Alabama” uses FCB-functions for work with files, appends to the file end; incorrect infection is possible. In an infected file the time of last modification is set to 62 seconds. This infector tries to “survive” a reboot – for this purpose it sets INT 9h (keyboard), hooks the Alt-Ctrl-Del combination, then turns off the screen and calls the boot procedure (INT 19h). During this operation the codes of the virus are not erased. Depending on the current time “Alabama” might displays the messages:
The virus hooks INT 9, 21h, contains the text string “????????EXE” and doesn’t have destructive functions. But it works incorrectly with files and the memory – might hang up the system. |
Find out the statistics of the threats spreading in your region |