ANTI EXE, ANTIEXE (BOOT RECORD VIRUS) :: ANTI EXE
The AntiEXE virus, also known as NewBug or D3, only affects boot
records. It reduces the available conventional memory (the lower 640 KB)
and searches for certain anti-virus programs.

This virus is a resident stealth boot record virus. If a computer system
is booted from an infected disk, the virus will infect the system.
During the infection of a hard disk, it copies the clean master boot
record to an unused area (head 0, cylinder 0, sector 13) and redirects
all further attempts to read the master boot record to this copy.

If a disk is infected, a copy of the clean boot record is stored in the
last record of the root directory, thus overwriting any existing
entries. Data losses are therefore inevitable, though relatively rare.

The installation routine of the AntiEXE virus determines the entry
address of interrupt 13h. The virus then reduces the available
conventional memory (0-640 KB) by one kilobyte and corrects the reported
conventional memory size accordingly. It then copies itself into the
memory thus "allocated". The saved address of interrupt vector 13h is
written to interrupt vector D3h. Both interrupt vectors still "point" to
the same program code at this stage; later on, the virus uses only
interrupt D3h, instead of interrupt 13h, to deactivate resident virus
guards and blockers.

If the system is booted from an infected disk, the virus becomes
resident and checks whether the master boot record of the first hard
disk has already been infected. If not, the original master boot record
is copied elsewhere "for future use". Then the current master boot
record is modified and the original boot record of the disk is reloaded
for the next boot procedure.

When the virus is active, the boot record is not infected every time a
clean disk is accessed. Equipped with the usual stealth properties, the
virus always returns the original record whenever the boot record (on
floppy disks) or the master boot record (on hard disks) is accessed;
that is, the virus simply redirects the access attempts.

When an attempt is made to access a particular record, and bits 0 and 1
of the tick counter (the counter of timer ticks since midnight) are set,
the virus checks whether the record read corresponds to the start record
of a particular EXE program and, if so, modifies this record so that the
program can no longer be executed.
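
A defender's check for the two stash locations described above (hard disk: head 0, cylinder 0, sector 13; other disks: last record of the root directory), as an added example that is not part of the original description. It assumes a raw sector image, reads "record" as a 512-byte sector, treats the second case as a FAT floppy whose BPB in sector 0 is still readable, and uses hypothetical helper names and constructed sample images.

```python
import struct

SECTOR = 512
HDD_STASH_LBA = 12  # CHS 0/0/13: sector numbers are 1-based, so LBA = 13 - 1

def sector(img, lba):
    return img[lba * SECTOR:(lba + 1) * SECTOR]

def is_boot_like(sec):
    # Boot records and master boot records end with the 55 AA signature.
    return len(sec) == SECTOR and sec[510:512] == b"\x55\xaa"

def last_root_dir_lba(boot):
    # Assumption: the BPB in sector 0 of the examined floppy is still readable.
    bps, _spc, reserved, nfats, root_entries = struct.unpack_from("<HBHBH", boot, 11)
    spf, = struct.unpack_from("<H", boot, 22)
    if bps != SECTOR or nfats == 0 or root_entries == 0:
        return None
    root_sectors = (root_entries * 32 + bps - 1) // bps
    return reserved + nfats * spf + root_sectors - 1

def displaced_boot_record(img, floppy=False):
    """Return the LBA holding a second, different boot record, or None."""
    boot = sector(img, 0)
    if not is_boot_like(boot):
        return None
    lba = last_root_dir_lba(boot) if floppy else HDD_STASH_LBA
    cand = sector(img, lba) if lba is not None else b""
    return lba if is_boot_like(cand) and cand != boot else None

def make_boot(tag, bpb=b""):
    # Constructed sample sector: jump bytes, 8-byte tag, optional BPB, signature.
    body = (b"\xeb\x3c\x90" + tag.ljust(8)[:8] + bpb).ljust(510, b"\x00")
    return body + b"\x55\xaa"

def make_image(sectors, placed):
    img = bytearray(sectors * SECTOR)
    for lba, data in placed.items():
        img[lba * SECTOR:(lba + 1) * SECTOR] = data
    return bytes(img)

# Constructed 1.44 MB FAT12 BPB: 512 B/sector, 1 reserved, 2 FATs, 224 root entries.
FLOPPY_BPB = struct.pack("<HBHBHHBH", 512, 1, 1, 2, 224, 2880, 0xF0, 9)

if __name__ == "__main__":
    cur, old = make_boot(b"CURRENT", FLOPPY_BPB), make_boot(b"ORIGINAL", FLOPPY_BPB)
    print(displaced_boot_record(make_image(63, {0: cur, 12: old})))          # 12
    print(displaced_boot_record(make_image(2880, {0: cur, 32: old}), True))  # 32
```

A hit is a lead for manual inspection, not proof: the check only reports a second sector that carries the 55 AA signature and differs from sector 0.
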
Source of this file: H+BEDV Datentechnik GmbH.