











 



GoldBug
Aliases:
Size: 1024 bytes
Frequency: 1
Characteristics:
- Infects MBR
- Infects diskette boot record
- Infects EXE files
- Infects as a companion
- Memory resident
- Multipartite virus
- Full stealth
- Encrypted (code and data)
- Polymorphic
- Uses tunneling
- Contains clear text string or message
- Modifies CMOS
- Makes MBR inaccessible
- Disables AV product(s)
- Targets AV integrity information
Information:
Text strings: "CHKLST????", "107=0SLMTA". (The latter string is sent, in reversed order, to the modem so that it answers incoming calls on the seventh ring.) Overwrites CMOS when certain antivirus programs are run. Prevents programs whose names end in "AN" through "AZ" from running (including files like *SCAN and *AV). Removes the integrity files of CPAV and MSAV. The virus can install itself in HMA memory. The virus overwrites the partition table in the MBR. The infected drive will be invisible to DOS if the system is booted from an uninfected floppy. Using fdisk /mbr will render the drive unbootable.