|
| |
ABC
|
| |
ABC
|
| |
N/A
|
| |
ABC-2378, ABC2378, ABC2905, with variants ABC-2918, ABC-2918B
|
| |
Virus
|
| |
DOS
|
| |
COM and EXE corrupter, other nuisance behaviors
|
| |
1992
|
| |
Unknown
|
| |
USSR
|
| |
Unknown
|
, discovered in October of 1992, is a memory-resident, file-infecting
Computer Virus which infects
EXE files and may alter both
COM and
EXE files. ABC activates on the
13th Day of every month.
Upon infection, ABC becomes memory-resident at the top of system memory but below the 640
K DOS boundary and
Hooks Interrupt s 16 and 1C. The copy of
Command.com pointed to by the
COMSPEC Environment Variable may also be altered. ABC infects/alters COM and EXE files as they are executed.
After infection, total system memory, as measured by the DOS
CHKDSK program, will not be altered, but available free memory will have decreased by approximately 8,960
Byte s. Altered, but not infected, COM or EXE files will have 4 to 30 bytes added to their length. Infected EXE files (COM files are never infected) have a file length increase of 2,952 to 2,972 bytes, and ABC is located at the end of the infected EXE. An altered/infected file's date and time in the DOS disk directory listing may have been updated to the current system date and time when the file was altered/infected.
No text strings are visible within the viral code in infected EXE files, but the following text strings are encrypted within the initial copy of the ABC virus:
:ABC_FFEA
:Minsk 8.01.92
:ABC
ABC causes keystrokes on the compromised machine to be repeated. It seems double-letter combinations trigger this behavior, e.g. "book" becomes "boook". System hangs may also occur when some programs are executed, a likely side-effect of ABC-induced corruption.
The ABC virus is not to be confused with the
ABC Keylogger Trojan , written in 2004 by Jan ten Hove. Articles relating to the ABC keylogger trojan can be found
here and
here .
