💾 Archived View for spam.works › mirrors › textfiles › virus › avcr-01.012 captured on 2023-06-16 at 21:01:11.

View Raw

More Information

-=-=-=-=-=-=-


                ???????     ?        ?  ?????????  ? ???????? 
               ?       ?    ?        ?  ?          ???     ??
              ?         ?   ?        ?  ?          ?       ??
              ???????????   ?        ?  ?          ?
              ?         ?   ?        ?  ?          ?
              ?         ?    ?      ?   ?          ?
              ?         ?     ??????    ?????????  ?
       
       
        
    ???   ???    ????    ???????    ????    ????????  ?  ?    ?  ???????
    ?  ???  ?   ?    ?   ?         ?    ?        ??   ?  ??   ?  ?
    ?       ?  ?      ?  ?  ????  ?      ?     ??     ?  ? ?  ?  ?????
    ?       ?  ????????  ?    ??  ????????   ??       ?  ?  ? ?  ?
    ?       ?  ?      ?  ???????  ?      ?  ????????  ?  ?   ??  ???????
       
       
       Distributed By Amateur Virus Creation & Research Group (AVCR)

?????????????????????????????????????????????????????????????????????????????
Name Of Virus:  VLAMIX 1.0
-----------------------------------------------------------------------------
Alias:
-----------------------------------------------------------------------------
Type Of Code:  Encrypted with Debugger Trap
-----------------------------------------------------------------------------
VSUM Information - (NONE)
-----------------------------------------------------------------------------
Antivirus Detection: 
(1)
ThunderByte Anti Virus (TBAV) reported Vlamix.EXE as "Possible Virus"

(2)
Frisk Software's F-Protect (F-PROT) reported Vlamix.exe as Nothing. 

(3)
McAfee Softwares Anti Virus (SCAN.EXE) reported Vlamix.exe as nothing.

(4)
MicroSoft Anti Virus (MSAV.EXE) reported Vlamix.exe as nothing.
-----------------------------------------------------------------------------
Execution Results:
On it's first run, it hits 4 exe files in the current directory, and
disables them.  Thunderbyte will run after it's hit, but it won't show
or tell you that it has been modified and/or infected.  Upon the usual
sanity check it does, the system locks up.  It is memory resident and 
uses an undocumented dos interrupt to check for itself in memory.
-----------------------------------------------------------------------------
Cleaning Recommendations:Delete Infected or TBAV (using Anti-Vir.dat..)
-----------------------------------------------------------------------------
Researcher's Notes:
Here's the Scan string to add to your scanner to catch this one....
06 1E 8C C8 8E D8 BF 28 00 A1 50 04 31 05

-----------------------------------------------------------------------------
                      Disassembly of the VLAMIX Virus 
-----------------------------------------------------------------------------

Thunderbyte 6.26 can't properly ID or name this one, so just add
it to your scanner.
                       
                       -The Weaz