Maximize
Bookmark

VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Source code of computer viruses

Creutzfeldt-Jakob Disease - Virus for Windows by Neurobasher

Virus for Windows

Neurobasher
Show all viruses by this author

2003-04-00

Comments
Download cjdisease.zip (64966 bytes) or browse online

Author's decsription

It is a very complex parasitic highly polymorphic Win32 virus that uses the entry-point obscuring technique. The virus uses a metamorphic engine and permutates its code. The virus infects Windows executable files (Win32 PE EXE). When run the virus searches for these files and randomly infects them by different infection sheme. The virus searches for Win32 PE executable files in the current and five levels upper directories, also on the available network and removable media and in the directories if their names not begin with "W", and infects them. The virus doesn't infect files if their names begin with several suspicious caracters like anti*,...

or if the name contains the 'V' letter, and depending on the random counter value. While infecting files the virus rebuilds and encrypts its body and writes it to one of the host file's sections. Then, it searches for and replaces one of the calls to the "ExitProcess" function in the host's code section with the call to the viral code. Several functions depends on randomness and are mutated from generation to generation also.

Payload

Depending on the system date the virus displays various messages There's a really small chance the virus allows multipe infections of the files. This files were corrupted and won't work anymore.


By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! vxer.org aka vx.netlux.org