
takecontro


Description: Details
TakeControl

It is a dangerous memory-resident parasitic polymorphic virus. It writes itself to the end of EXE files and the COMMAND.COM file. When an infected EXE file is executed, the virus infects the C:\COMMAND.COM and C:\DOS\COMMAND.COM files, if they exist, and then returns control to the host EXE program. The virus pays no attention to the internal format of COMMAND.COM and corrupts that file if it has the EXE internal format (Win95 COMMAND.COM).
When an infected COMMAND.COM is executed, the virus hooks INT 21h, stays memory resident and infects EXE files that are executed.
The virus leaves only half of its code in memory, about 2.8Kb. While infecting a file, the virus reads its complete code from the C:\COMMAND.COM file and then writes this code to EXE files.
The virus checks file names and does not infect files whose names appear in the following string (four bytes per name: 3P.E*, AHEL*.*, ALIK*.*, APPE*.* and so on):
3P.EAHELALIKAPPEASTAATTRAVASAVG.AZORBINOBOOTBUILCHKDCLEADEFRDFA.DISK
DOSXDPMIDRVSDSWAEMM3EXE.EXEMEXPAF-PRFASTFC.EFDISFINDGPEGGUARHIEWINI.
INSTINTEKERNKRNLLABELGUAMAKEMANDMEMMMOVEMSBAMSCDMSD.MWBANAV.NLSFPAST
PCC.POWEREX.REPLRESTRTM.SCANSETVSHARSHIESMARSORTSUBSTB.ETEMCTRAPTSAF
UCOMUEXEUNDEVCOPVGUAVIRSVIRTVIRUVIVEVS.EVSHIWIN.WINSWSWAXCOP
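
The name check described above can be reproduced when triaging a file listing from an affected machine. The following Python sketch is an added example, not code from the original description: it splits the exclusion string into its four-byte entries and separates files the description says are skipped from files worth checking. The function names, the constructed sample listing and the rule that an entry is compared with the first four characters of the upper-cased file name are assumptions of this example.

```python
import ntpath

# Exclusion string as printed in the description, line breaks removed.
EXCLUSION_STRING = (
    "3P.EAHELALIKAPPEASTAATTRAVASAVG.AZORBINOBOOTBUILCHKDCLEADEFRDFA.DISK"
    "DOSXDPMIDRVSDSWAEMM3EXE.EXEMEXPAF-PRFASTFC.EFDISFINDGPEGGUARHIEWINI."
    "INSTINTEKERNKRNLLABELGUAMAKEMANDMEMMMOVEMSBAMSCDMSD.MWBANAV.NLSFPAST"
    "PCC.POWEREX.REPLRESTRTM.SCANSETVSHARSHIESMARSORTSUBSTB.ETEMCTRAPTSAF"
    "UCOMUEXEUNDEVCOPVGUAVIRSVIRTVIRUVIVEVS.EVSHIWIN.WINSWSWAXCOP"
)
# The two COMMAND.COM locations the description says are infected.
COMMAND_COM_PATHS = {r"C:\COMMAND.COM", r"C:\DOS\COMMAND.COM"}


def parse_exclusions(blob, width=4):
    """Split the string into fixed-width entries ("four bytes per name")."""
    if len(blob) % width:
        raise ValueError("string is not a whole number of entries")
    return [blob[i:i + width] for i in range(0, len(blob), width)]


EXCLUSIONS = frozenset(parse_exclusions(EXCLUSION_STRING))


def classify(path):
    """Return 'command_com', 'excluded', 'candidate' or 'not_targeted'."""
    full = path.upper()                 # DOS file names are case-insensitive
    name = ntpath.basename(full)        # handles backslash-separated paths
    if full in COMMAND_COM_PATHS:
        return "command_com"
    if not name.endswith(".EXE"):
        return "not_targeted"
    # Assumption: an entry is compared with the first four characters of
    # the file name, dot included (so AVG.EXE matches the entry "AVG.").
    return "excluded" if name[:4] in EXCLUSIONS else "candidate"


def triage(paths):
    """Keep only the files worth checking for this infection."""
    return [p for p in paths if classify(p) in ("command_com", "candidate")]


if __name__ == "__main__":
    # Constructed sample listing, not taken from a real system.
    listing = [r"C:\COMMAND.COM", r"C:\DOS\SCANDISK.EXE", r"C:\AVG\AVG.EXE",
               r"C:\GAMES\DOOM.EXE", r"C:\DOS\EDIT.COM"]
    for p in listing:
        print(f"{classify(p):13} {p}")
```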

Starting from July 1997, the virus displays the following message and halts the computer:
TAKE CONTROL of yor mind, your body and your soul !!!
(I'm taking control of your machine - he, he, he all!)
Replace your C:\COMMAND.COM and C:\DOS\COMMAND.COM and it'll be O.K.
... forever!
Zdar Grisofte, McAfee nebo jiny pocitacovy maniaku, jenz tento virus pitvas.
*** Gratuluju ***
>>> Konecne jsi me dekodoval a dostal se az sem. <<<
At zije D.J.BOBO a jeho TAKE CONTROL!!!
--- Virus napsany specialne na podporu antivirovych firem. ---
### Preji ti uspesny boj se vsemi moznymi viry, jako je tento. ###
Grisofte, vase AVG je fakt dobry, ale ve verzi 4.0 pro Windows je dost chyb.
No nic, puvodni CS:IP u EXE nebo prvni tri byty u COMMANDu jsou tady --->

Updated: 02/24/2006
Copyright @2006 takecontro
Webroot Software Inc.