serbu famil
Webroot Antivirus: The best protection against viruses, spyware data theft and hackers.
Description:
Details
Serbu family
These are not dangerous memory resident encrypted parasitic viruses. They use several levels of anti-debugging tricks in installation routine as well as in interrupt handlers. They write themselves to the end of COM and EXE files that are executed or opened, as well as to the end of .GIF and .JPG files (!!).
When an infected file is executed, the virus decrypts itself by using INT 1 and INT 3 hooks, then allocates block of DOS memory, copies itself to there, traces INT 21h, 2F and hooks them. To hook INT 2Fh the virus patches the DOS kernel.
Depending on the system date the viruses display the rectangle:
XXXXXXXX
XXXXXXXX
"Serbu.3493" displays the text:
.. A_C_O: Dirgantara Jaya ..
The viruses also contain the text strings:
"Serbu.3493": R-SERBU-1 (c)09-16H Emhaka
"Serbu.3493": -SERBU-
Copyright @2006 serbu famil