Virus.DOS.VRN.2276 (Kaspersky Lab)
is also known as:
VRN.2276 (Kaspersky Lab),
VRN (McAfee), Vrn.2276 (Symantec), VRN.2276 (Doctor Web), Veronica-2276 (Sophos), Draziw.2276 (RAV), VRN.2276 (Trend Micro), VRN-2276 (H+BEDV), Draziw.2276 (FRISK), VrN-2276 (ALWIL), VRN (Grisoft), VRN.2276 (SOFTWIN), Vrn.2276 (Panda)
| Description added |
Mar 07 2000 |
| Behavior |
Virus |
It is a very dangerous memory resident encrypted parasitic virus. It hooks
INT 21h and writes itself to the end of COM (except COMMAND.COM) and EXE
files that are executed. The virus does not infect the anti-virus programs:
SCAN, NAV, F-PROT, GUARD, FINDVIRU, TOOLKIT, AVP. When the AVPLITE
anti-virus is executed, the virus modifies the command line so, that memory
scanning and heuristic analysis stays disabled. The virus also deletes the
anti-virus data files: ANTI-VIR.DAT, CHKLIST.MS, SMARTCHK.CPS, AVP.CRC,
IVB.NTZ, CHKLIST.TAV.
The virus has bugs and can corrupt files while infecting them. Under
debugger the virus erases the CMOS. On July 4th the virus erases the hard
drive sectors, the CMOS and displays the message:
-- VrN vIrUs coded by ThE_WiZArD in Spain (1998) --
!! DEDICATED TO VeRoNica !!
The injustice and ignorance can only end by force
If we must end this ourselvers, we will stop at nothing
This is one Strike, in what will soon become MANY
You may stop this individual, but you can not stop us all...
The virus also contains the text strings:
->#ThE_WiZArD
draziw@usa.net
!! S70p K1ll1n 0uR B4byS 0r w3 w1ll d3s7r0y y0ur d474 4g41n !!
