tentacle_iii.1049
Webroot Antivirus: The best protection against viruses, spyware data theft and hackers.
Description:
Details
Tentacle_III.10496
It is a dangerous memory resident parasitic polymorphic virus. It hooks INT 21h and writes itself to the end of EXE files that are executed or opened. While infecting a file the virus writes to the file EntryPoint the JmpFar_Virus instruction and fixes the EXE relocation table in the same way as "Voronezh.1600" virus does. If an EXE file contains overlay data, the virus moved that data down and writes its code between EXE module and overlay data.
While opening a GIF files the virus depending on its random counter renames them to the name TENTACLE with a random selected extension and overwrites with GIF image of a tentacle.
The virus check the system memory for the memory resident anti-viruses and patches their code, if they are found. The virus also reads some data from IFS$HLP$ and patches it in some way.
The virus contains the text strings:
IFS$HLP$
TBDRVXXXSCANX TBCHKXXXTBMEMXXXTBFILXXXTBDSKXXXTBLOGXXX
WARNING!
Your system is contamined with the Tentacle Virus.
IMPORTANT: Don't open any GIF file!
.GIF.gif.EXE.exe\TENTACLE.
Copyright @2006 tentacle_iii.1049