Mario's World Forums  

Go Back   Mario's World Forums > The End Is Nigh > ► Off-topic
FAQ Community Calendar Today's Posts Search

► Off-topic (Forum related to the discussion of anything that does not have it's own specific forum. Nothing is off limits.)

Reply
 
Thread Tools Display Modes
Old 27th April 2009, 11:35 AM   #1
Mario
Special Guest
 
Mario's Avatar
 
Join Date: Dec 2008
Location: @home
Posts: 627
Exclamation Junkie virus. (Ahhh, to be infected again.)

Name: Junkie (Boot.Malmo)
Type: Virus

Junkie is a virus that infects .com files, the DOS boot sector on floppy disks, and the master boot record (MBR) on the first physical hard disk (drive 80h, drive C). The file form of Junkie does not become memory resident. It simply checks the MBR or floppy-disk boot sector for infection. If the sector is not infected, the virus infects the drive and returns control to the infected host file. The file form of the virus also contains code to target and remove from memory the antivirus TSR (VSafe), which shipped with MS-DOS 6.x. The virus code is two sectors in length and reserves 3 KB of memory. Thus, on a computer with 640 KB of memory, MEM would report 637 KB and CHKDSK would report 652,288 bytes of free memory.

The virus body is stored and encrypted on two sectors, starting at side 0, cylinder 0, sector 4 of the hard drive.

When the system is booted from an infected drive, Junkie loads into the top of memory and decrypts itself. From memory the virus infects .com files as they are executed or loaded. It contains code to bypass virus monitoring software.

Infected files grow by a variable length just over 1 KB. Since Junkie has neither intermediate nor advanced stealth capability, file growth is clearly visible. File times and dates are not changed.

Junkie contains two messages, which are encrypted along with the virus body and thus not visible in files or disk sectors. They are, however visible in memory:

Dr White - Sweden 1994
Junkie Virus - Written in Malmo

The virus decryptor is not polymorphic. It contains four variable data bytes. These variables are two words: one represents the location to start decryption; the other is a variable key.
Mario is offline   Reply With Quote
Reply

Bookmarks

Tags
boot.malmo, junkie, norton, symantec, virus


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +8. The time now is 09:55 AM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
All content ©1997 - 2023, Mario's World, Inc.

eXTReMe Tracker