qdao.158
Description:
Details
QDao.1589
This is a non-dangerous, memory-resident, encrypted parasitic virus. When an infected file is executed, the virus writes its code to the reserved track on the hard drive (track/head 0/0) and copies its INT 21h handler (3Eh bytes) into the Interrupt Vector Table at address 0000:0300. The handler intercepts file termination, then searches for EXE files, reads the complete virus code from the hard drive sectors and writes it to the end of the file. As a result, the 1.5K virus needs only 3Eh bytes of system memory.
On November 12, the virus displays messages in Chinese.
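The memory placement described above can be checked in a real-mode memory dump. The following is an added example, not part of the original entry: it resolves the INT 21h vector to a linear address and reports whether the handler sits inside the Interrupt Vector Table itself. The function names are hypothetical, and the sample tables and 0x90 fill bytes are constructed placeholders, not virus code.

```python
import struct

IVT_SIZE = 0x400        # 256 vectors * 4 bytes, starting at 0000:0000
HANDLER_START = 0x300   # address given in the description (0000:0300)
HANDLER_LEN = 0x3E      # handler size given in the description


def vector_target(ivt: bytes, intno: int) -> int:
    """Linear address an interrupt vector points to (offset first, then segment)."""
    off, seg = struct.unpack_from("<HH", ivt, intno * 4)
    return (seg << 4) + off


def check_ivt(ivt: bytes, intno: int = 0x21) -> dict:
    """Report whether the handler for `intno` lives inside the IVT itself."""
    if len(ivt) < IVT_SIZE:
        raise ValueError("need the full 1 KiB IVT (first 0x400 bytes of memory)")
    target = vector_target(ivt, intno)
    region = ivt[HANDLER_START:HANDLER_START + HANDLER_LEN]
    return {
        "target": target,
        # Legitimate handlers live in DOS, BIOS or driver memory, not in the table.
        "handler_inside_ivt": target < IVT_SIZE,
        "handler_in_described_range":
            HANDLER_START <= target < HANDLER_START + HANDLER_LEN,
        # Supporting evidence only: other software may also use these vectors.
        "nonzero_bytes_in_range": sum(b != 0 for b in region),
    }


def make_ivt(seg: int, off: int, fill: int = 0) -> bytes:
    """Build a constructed sample IVT with INT 21h set to seg:off."""
    ivt = bytearray(IVT_SIZE)
    struct.pack_into("<HH", ivt, 0x21 * 4, off, seg)
    ivt[HANDLER_START:HANDLER_START + HANDLER_LEN] = bytes([fill]) * HANDLER_LEN
    return bytes(ivt)


if __name__ == "__main__":
    samples = {
        "clean (constructed)": make_ivt(0x0019, 0x40F8),
        "hooked at 0000:0300 (constructed)": make_ivt(0x0000, 0x0300, fill=0x90),
        # Same linear address written with a different segment:offset pair.
        "hooked at 0030:0000 (constructed)": make_ivt(0x0030, 0x0000, fill=0x90),
    }
    for name, ivt in samples.items():
        print(name, check_ivt(ivt))
```

The check compares linear addresses, so an aliased segment:offset pair that resolves to the same location is still flagged.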