devastator_ii.
Webroot Antivirus: The best protection against viruses, spyware data theft and hackers.
Description:
Details
Devastator_II.a
These are very dangerous memory resident stealth parasitic viruses. They copy themselves to the DOS data area (address 0000:0500) or to Interrupt Vectors Table (address 0000:0200), hook INT 13h, 21h and write themselves to the beginning of .COM files that are accessed by DOS functions FindFirst/Next ASCII. While executing a file DOS also calls FindFirst, so the viruses also affect the files that are executed.
The viruses uses way of infection similar to the "Int13" virus. While infecting a file the viruses move its beginning (512 bytes) to the end of the file, intercept (by hooking INT 13h) absolute disk address while writing to the end of the file and store that address. Then the viruses overwrite the file beginning with their own code and do not increase the file length. To read original file beginning the viruses use absolute disk address - they read it by INT 13h DiskRead call. As a result the files are lost while copying them - the stored absolute addresses are incorrect for newly created copies.
The viruses contain the text:
Devastator
Copyright @2006 devastator_ii.