VX Heaven

Source code of computer viruses

Total Trash - Virus for MS-DOS by Sepultura

1996-00-00

Author's notes

Like the Mirror virus by Bit Addict [TridenT], this virus uses the opposite of stealth techniques so uninfected files appear infected. This means that if you copy or archive a file, the source will remain clean but the newly created copy will be infected. You can PKZIP an uninfected file from a write-protected floppy disk, and the copy of the file in the archive will be infected. Unlike Mirror, however, this virus is more intelligent in its behaviour. It only 'mirrors' an infection if DOS or a known archiver/backup/communications product is running. The rest of the time the virus is full stealth.

Look at the evolution of the stealth virus - people used to disinfect infected files when they were open to avoid detection. This didn't work with write-protected disks and slowed down the system with more disk access, so they started using 'on-the-fly' stealth where reads were redirected and data altered in memory, so the physical file on disk was never altered. This virus extends that philosophy by using it for both stealth and infection.

It also disables all activity if it detects disk diagnostics, and when DOS is running, reads are mirrored but DIRs are stealthed. This way the user doesn't notice increased file sizes, but the virus still travels via COPY. To make it more network compatible, SFTs aren't used, hence we need to keep track of handles ourselves.

Advantages of this method:

Disadvantages:
