| Alias: | Russian-A | | Strain: | Akuku virus strain | | detected when: | --- | | where: | --- | | Classification: | Program (COM,EXE) virus, non memory resident | | Length: | 1. Length in RAM: 1108 bytes 2. Length in program: 1111-1114 bytes |
Preconditions | | Operating System(s): | MS-DOS, PC-DOS | | Version/Release: | version 2.xx and higher | | Computer model(s): | IBM-PC, XT, AT and compatibles | | Caroname: | Akuku.889.A |
Attributes | | Easy identification: | Virus contains string "Sorry, I'm completely dead." Seconds field in file's time set to 62. | Type of Infection: | Installs itself memory-resident when infected program is run. Infects both .EXE and .COM files, including COMMAND.COM, by appending itself to end of file. EXE files are increased by 1114 (45Ah) bytes, COM files by 1111 (457h) bytes, but this amount may increase by up to 15 (0Fh) bytes as padding for paragraph align- ment. | | Infection Technique: | | | Infection Trigger: | Upon running infected file, disk must have 3000 (BB8h) bytes of free space. EXE files must be larger than 1000 (3E8h) bytes; COM files must be larger than 1000 (3E8h), but smaller than 64000 (FA00h) bytes. | | Storage Media affected: | | | Interrupts hooked: | | | Stealth: | | | Tunneling/Selfprot: | | | Oligo/Polymorphism: | | | Encoding Method: | | | Damage: | Transient damage: virus will display message "Sorry, I'm completely dead.". Virus installs payload in memory, which plays a song. Permanent damage: --- | | Damage Trigger: | Trigger for damage is the current time at in- fection time. If the minutes field is one of: 32, 33, 34 or 35, the virus displays "Sorry, I'm completely dead, installs the song and plays it every 14 seconds. | | Particularities: | 1. The file date and time will not be altered in the disk directory, except for the seconds, which will be set to 62. 2. The drive to be infected is selected according to this rule: if the current time's seconds is =0, select drive A:; if it is >0, but <=22 the current drive is selected, and if it is >22, C: is selected. 3. Virus will search the whole current directory for files to infect, as well as the first level of all of it's subdirectories. It will infect the first 3 files found. Default drive is reset to the correct drive. 4. Virus installs the whole virus body in memory, although only the song is active. | | Similarities: | Very similar to Akuku.3 and Cop-Mpl viruses. All Akuku viruses try to infect three files in directory of current disk, but differ on what happens if they cannot be found. The identification by 62 seconds field is similar to Vienna viruses. |
Agents | | Countermeasures: | F-Prot, Anti-Virus Toolkit | | Standard means: | --- |
Acknowledgements | | Location: | Virus Test Center, University Hamburg, Germany | | Classification by: | Christopher G. Street (guest from Brown Univ) | | Documentation by: | Christopher G. Street (guest from Brown univ) | | Date: | June 14, 1992 | | Information Source: | Original virus code |
An unprecedented amount of legislation was passed establishing agencies to rebuild America's highways, dams and bridges--the vast majority of which are still used and depended on every day. That investment in physical infrastructure was our greatest ever, and it's now time for a similar investment in the Internet's infrastructure--both in shoring up actual underpinnings and in teaching people how to be more cyberaware. Complete Internet security protection with anti-virus, anti-spyware, anti-phishing, anti-spam and anti-hacker technologies. Plus parental controls and virtual keyboard perfect for home or small office. Tags: Kaspersky Internet Security 2009, Free Kaspersky Internet Security 2009 Download, internet security, antivirus software, antispyware software, personal firewall, antispam
|