Selected viruses, spyware, and other threats: sorted alphabetically
Exebug |
Exebug is a stealth boot virus. When system is loaded from an infected diskette the virus reserves 1 KB of memory. It does so by decreasing memory size accessible for DOS in the BIOS variable on the address 0:413h. After that the virus moves into this protected area of memory and redirects the interrupt INT 13h service to it. It modifies the CMOS memory by deleting the information on the presence of floppy disks and by recalculating the check sum. It means that system is always loaded from hard disk and the virus is installed. Then the virus reads the diskette boot sector, but before that it modifies CMOS contents and supplements information on the presence of the floppy disks drives. When writing sectors the virus checks if there is not the beginning of an EXE file. If so, it modifies it so that it becomes a virus dropper which infects the MBR of the computer on which it is run.
© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.
