| Alias: | |
| Strain: | - |
| detected when: | |
| where: | |
| Classification: | COM-infector, resident |
| Length: | 477 |
Preconditions |
| Operating System(s): | MS-DOS |
| Version/Release: | requires useable memory to be present at the virus resident |
| Computer model(s): | PC's |
| Caroname: | Bit_Addict |
Attributes |
| Easy identification: | |
Type of Infection: | The virus appends itself to the files Selfrec in memory: Int21 handler >= 0A000:0h Selfrec on disk: File[3] == MSG_NOT_DISPLAYED: |
| Infection Technique: | |
| Infection Trigger: | Load && (3 <= COM_size < 64k) |
| Storage Media affected: | |
| Interrupts hooked: | 21/4B |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | - |
| Encoding Method: | |
| Damage: | Transient: - Permanent: 100 sectors of garbage written to the beginning of disksC: and D: using int 26h, then print MSG_DISPLAYED: to the screenand hang in an endless loop. |
| Damage Trigger: | Transient: - Permanent: 101st Int21;ah=4Bh call since installing int21 handler. |
| Particularities: | The virus resides in the video RAM. The virus resides at the memory address: 0BFE2:0h Displayed text: "You have a good taste for hard disks, it was delicious !!!" Not displayed text: "BIT ADDICT" writes a bytes value 3 to port 3BFh before attempting to install itselfin memory. The int21 vector is only installed after verifying that allof the virus is successfully copied to one or the other resident address.This file is the original virus and has NOP instead of the signaturetext, so it infectable by itself once. Files smaller than 13 bytes willbe incorrectly infected because the signature text overwrites the virusstart. |
| Similarities: | |
Agents |
| Countermeasures: | |
| Standard means: | |
Acknowledgements |
| Location: | Virus Test Center, University Hamburg, FRG |
| Classification by: | Adam David, Frisk Software International |
| Documentation by: | Adam David, Frisk Software International |
| Date: | 22.7.93 |
| Information Source: | Caroentry (autom.converter by S.Freitag) |