fatty.300
Webroot Antivirus: The best protection against viruses, spyware data theft and hackers.
Description:
Details
Fatty.3008
It is a very dangerous memory resident multipartite virus. It affects .COM and .EXE files as well as the MBR of the hard drive and boot sectors of the C: drive and floppy disks. While infecting .EXE files the virus may corrupt them.
When an infected file is executed, the virus infects the MBR and the boot sector of C: drive, hooks INT 8, 9, 13h, 17h, 21h and stays memory resident. While loading from infected disk the virus hooks the same vectors except INT 9, 21h, waits for DOS loading process and hooks INT 9, 21h.
By hooking INT 21h the virus infects .COM and .EXE files that are created and then closed, as a result the virus avoids CRC checkers. INT 13h hook is used for stealth and floppy disk infection. INT 8 hook is used to hook INT 9, 21h while installing from infected disk and for trigger routines. INT 17h is used for "Are you here?" call while installing memory resident.
Trigger routines: by hooking INT 9 the virus depending on its random counter either "skips" one key, or stuffs random key into keyboard buffer. Depending on its counter (INT 8) the virus also stuffs some sequence of keys to the keyboard buffer. Depending on the system date the virus modifies some data on disk (erases data?).
The virus contains the text strings:
XFATTY by SULPH (c)97
*Manufactured in Vsetin (CZ)
*THANX to Grisoft & Borland
*BIG KISS to my GIRL
*Have FUN, see YA!!X
.COM.EXE
Copyright @2006 fatty.300