Kaspersky Threats — Kontragapi

Class

Platform

Description

Technical Details

It is a dangerous memory resident polymorphic parasitic virus. The
virus does work only if system date’s year is 1998, otherwise the virus
does not install itself into the system memory. While installing the virus
hooks INT 21h and writes itself to the end of COM files that are accessed.
The virus corrupts several anti-virus programs: if filename begins with F-,
TB, AV, VIR, SCAN, KILL (F-PROT, TBAV, AVP etc), the virus writes to the
file header a small program that displays the message:



kontragapi

This is the “Entry Point Obscuring” virus, i.e. there is no JMP_Virus
instruction at the file header. The virus uses one of standard tricks to
write the JMP_Virus to the middle of the file: it reads file header,
disassembles it at looks for suitable place for the JMP_Virus code.

Find out the statistics of the threats spreading in your region

Class	Virus
Platform	DOS
Description	Technical Details It is a dangerous memory resident polymorphic parasitic virus. The virus does work only if system date’s year is 1998, otherwise the virus does not install itself into the system memory. While installing the virus hooks INT 21h and writes itself to the end of COM files that are accessed. The virus corrupts several anti-virus programs: if filename begins with F-, TB, AV, VIR, SCAN, KILL (F-PROT, TBAV, AVP etc), the virus writes to the file header a small program that displays the message: kontragapi This is the “Entry Point Obscuring” virus, i.e. there is no JMP_Virus instruction at the file header. The virus uses one of standard tricks to write the JMP_Virus to the middle of the file: it reads file header, disassembles it at looks for suitable place for the JMP_Virus code.
	Find out the statistics of the threats spreading in your region

Virus.DOS.Kontragapi

Technical Details