Search:       

Sunday, 23 July 2017       

AAV.822 Spyware/Adware Definition


Name: AAV.822
Category: Viruses
Description: Details
AAV.8224

It is a very dangerous memory resident parasitic virus. It hooks INT 10h, 13h, 16h, 21h and stays memory resident. When any file is executed, or on DOS GetDiskSpace call, or in its INT 10h handler, if the system is not busy, the virus searches for .COM and .EXE files and writes itself to the end of the file.
The virus pays special attention for C:COMMAND.COM file and infects it in the way similar to the "Peasant" virus - it overwrites the beginning of the COMMAND.COM with 512 bytes of virus loader and saves the original COMMAND.COM's header and the rest of the virus code to the not used sectors of the first track on the hard drive.
When infected COMMAND.COM is executed, virus loader reads the rest of the virus code from the hard drive, stays memory resident, then restores the original beginning of COMMAND.COM and returns control.
This way of infection may corrupt the data and the files. The virus may also halt the system while loading memory resident - it uses quite complex way of interrupts hooking/releasing and may corrupt DOS kernel.
Depending on the system time, date and several other conditions the virus displays the messages in Chinese and in English:
THIS FILE MAY BE INFECTED WITH VIRUS
TO KILL VIRUS,YOU CAN REINSTALL THIS FILE
IDEARS AUTO_ANTI_VIRUS SOFTWARE GROUP AAV MARK:4540055520
AUTO_ANTI_VIRUS
THIS FILE IS SAFE THANKS FOR USE AAV
IDEARS AUTO_ANTI_VIRUS SOFTWARE GROUP AAV MARK:4540055520


Top Viruses Visited Pages:
Constructor.VBS.Alama
IRC-Worm.Krombe
Macro.Word97.Titc
Win98.Matya
04h Famil
04h.63
10past3.
10past3.
15years.
1stVir.303
1stVir.317
2up.600
33.52
3APA3
3E.38

 


Main Menu
Home
Top Downloads
New Programs
Awards
Submit
Link to us
Spyware Definitions
Viruses Info
Recipes
Jokes
Contact us




 

 

- Privacy Policy -