������� � � ��������� � �������� � � � � � ��� �� � � � � � � �� ����������� � � � � � � � � � � � � � � � � � � ������ ��������� � ��� ��� ���� ������� ���� �������� � � � ������� � ��� � � � � � � �� � �� � � � � � � � ���� � � �� � � � � ����� � � �������� � �� �������� �� � � � � � � � � � ������� � � �������� � � �� ������� Distributed By Amateur Virus Creation & Research Group (AVCR) ����������������������������������������������������������������������������� Name Of Virus: VLAMIX 1.0 ----------------------------------------------------------------------------- Alias: ----------------------------------------------------------------------------- Type Of Code: Encrypted with Debugger Trap ----------------------------------------------------------------------------- VSUM Information - (NONE) ----------------------------------------------------------------------------- Antivirus Detection: (1) ThunderByte Anti Virus (TBAV) reported Vlamix.EXE as "Possible Virus" (2) Frisk Software's F-Protect (F-PROT) reported Vlamix.exe as Nothing. (3) McAfee Softwares Anti Virus (SCAN.EXE) reported Vlamix.exe as nothing. (4) MicroSoft Anti Virus (MSAV.EXE) reported Vlamix.exe as nothing. ----------------------------------------------------------------------------- Execution Results: On it's first run, it hits 4 exe files in the current directory, and disables them. Thunderbyte will run after it's hit, but it won't show or tell you that it has been modified and/or infected. Upon the usual sanity check it does, the system locks up. It is memory resident and uses an undocumented dos interrupt to check for itself in memory. ----------------------------------------------------------------------------- Cleaning Recommendations:Delete Infected or TBAV (using Anti-Vir.dat..) ----------------------------------------------------------------------------- Researcher's Notes: Here's the Scan string to add to your scanner to catch this one.... 06 1E 8C C8 8E D8 BF 28 00 A1 50 04 31 05 ----------------------------------------------------------------------------- Disassembly of the VLAMIX Virus ----------------------------------------------------------------------------- Thunderbyte 6.26 can't properly ID or name this one, so just add it to your scanner. -The Weaz