rideon.431
Description:
Details
Rideon.4313
It is a dangerous memory-resident, polymorphic, stealth parasitic virus. It hooks INT 21h and appends itself to the end of COM files as they are closed. The stealth routines are activated on file search and file open calls. When an infected file is opened, the virus disinfects it. When an infected file is found by a search, the virus reduces the reported size back to the original value.
When the F-PROT anti-virus, the data compression utilities RAR, ARJ, PKZIP or LHA, or the BACKUP utility is executed, the virus disables some of its stealth routines. While F-PROT is running and reads data from files (to load its data or to scan files for viruses), the virus copies random data into the read buffer.
The virus deletes the anti-virus data files:
ANTI-VIR.DAT, CHKLIST.MS, SMARTCHK.CPS, AVP.CRC, IVB.NTZ, CHKLIST.TAV
The virus's polymorphic engine has several bugs and in some cases produces a polymorphic loop that is unable to decrypt the virus code. Such files halt the system when executed.
On July 4th the virus erases the CMOS memory and displays the message:
-- [RIDEON] (c) ThE_WiZArD / DDT (Spain) --
###### ## ##### ##### ####### ### ##
# # ## ## ## ## ## ## #### ##
###### ## ## ## ## ## ## ## ## ##
## ## ## ## ## ##### ## ## ## ## ##
## ## ## ## ## ## ## ## ## ## ##
## ## ## ##### ##### ####### ## ####
The virus also contains the text strings:
#ThE_WiZArD
You`ll take my life but ill take yours too
For those about to rock all I salute you!
Copyright @2006 rideon.431