Virus.Multi.3nop

Class Virus
Platform Multi
Description

Technical Details


It’s a dangerous memory resident multipartite stealth virus. On
loading from infected floppy it writes itself into MBR of hard drive. Then
it hooks INT 13h (as loading from infected HD) and checks the functions of
disk reading and writing. On reading from floppy, it infects the boot sector
of the floppy, on writing on the floppy the virus checks first three bytes
of data buffer. If there is JMP opcode (E9h), the virus overwrites 200h
bytes of this buffer by virus’ code. So the virus can insert itself into
the executable file beginning or middle. On execution of this file the
virus infects MBR of hard drive and returns to DOS. These files are not
recoverable and should be deleted.