💾 Archived View for spam.works › mirrors › textfiles › virus › avcr-01.009 captured on 2023-06-16 at 21:01:08.

View Raw

More Information

-=-=-=-=-=-=-


                ???????     ?        ?  ?????????  ? ???????? 
               ?       ?    ?        ?  ?          ???     ??
              ?         ?   ?        ?  ?          ?       ??
              ???????????   ?        ?  ?          ?
              ?         ?   ?        ?  ?          ?
              ?         ?    ?      ?   ?          ?
              ?         ?     ??????    ?????????  ?
       
       
        
    ???   ???    ????    ???????    ????    ????????  ?  ?    ?  ???????
    ?  ???  ?   ?    ?   ?         ?    ?        ??   ?  ??   ?  ?
    ?       ?  ?      ?  ?  ????  ?      ?     ??     ?  ? ?  ?  ?????
    ?       ?  ????????  ?    ??  ????????   ??       ?  ?  ? ?  ?
    ?       ?  ?      ?  ???????  ?      ?  ????????  ?  ?   ??  ???????
       
       
       Distributed By Amateur Virus Creation & Research Group (AVCR)

?????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????????????????????????????????
Name Of Virus:  Connie
-----------------------------------------------------------------------------
Alias:  Connie.A (From TBAV 6.26)
-----------------------------------------------------------------------------
Type Of Code:  Encrypted with Debugger Trap, Uses Dark Slayer's Mutation Eng.
-----------------------------------------------------------------------------
VSUM Information: (NONE)
-----------------------------------------------------------------------------
Antivirus Detection: 
(1)
ThunderByte Anti Virus (TBAV) reported files as infected with Connie.A

(2)
Frisk Software's F-Protect (F-PROT) reported infected files as Nothing. 

(3)
McAfee Softwares Anti Virus (SCAN.EXE) reported infected files as nothing.

(4)
MicroSoft Anti Virus (MSAV.EXE) reported infected files as nothing.
-----------------------------------------------------------------------------
Execution Results:
On it's first run, it hits Command.Com Immediately.  It traces back to
find where the boot (command.com) was loaded, and then tries to infect 
it.  It does not change dates or times on infected files, but you will
notice an increase of 1761 bytes in each infected file.  This virus will
only hit .COM files, and once executed, goes memory resident.    

-----------------------------------------------------------------------------
Cleaning Recommendations:TBAV's TBCLEAN can easily remove it
-----------------------------------------------------------------------------
Researcher's Notes:
Connie will hit all Com files that are executed or copied.  It will hit
the original file, and also the copied file as it is moved.

It hooks Int's 21, 30, ED, EE, F0, F5, F6, F9, and FD.

Connie sits in memory at location 09F240 - 09FFFF...  (High as it can go)

                                    -The W??$?l-