Search:       

Saturday, 17 May 2008       

TCE.Chaos-AD.337 Spyware/Adware Definition


Name: TCE.Chaos-AD.337
Category: Viruses
Description: Details
TCE.Chaos-AD.3375

It is not a dangerous memory resident stealth parasitic virus. While installing the virus performs several unusual actions. First, it gets the address of original INT 21h handler: the virus hooks INT 2Ah, calls INT 21h, then original DOS INT 21h handler calls INT 2Ah (from DOS kernel), the virus receives control, get the address of instruction that calls INT 2Ah, and searches for INT 21h code in that area. Then the virus allocates the system memory (conventional or UMB), stores itself into there, copies a part of its code into the BIOS data area (0000:04B0), and sets INT 21h address to that code. As the result INT 21h address points not to virus code, but to BIOS data area. That code checks presence of a debugger, and passes the control to the virus only if there is no debugger.
Being installed into the system memory the virus writes itself to the end of COM and EXE files that are accessed. While opening an infected file the virus disinfects it, the virus does not disinfect the file if it is opened by archiving utility (see the list below). The virus also pays attention to several disk checking utilities, and disables the part of stealth routine if they are executing, the virus also check the file name and does not infect COMMAND.COM and several anti-virus programs. The list of anti-viruses, disk checking and anti-virus utilities contains two bytes per each of the names, and looks as follows:
anti-viruses: COF-AV-VTBVI00VB
disk checking: CHSCDENDSPPR
archivers: ARPKRAUCLHZIUUIV
The virus also deletes anti-virus database files: CHKLIST.MS, CHKLIST.CPS, ANTI-VIR.DAT.
The 64th generation of the virus hooks INT 9, 2Fh and some time after installation displays the message:
- [CHAOS-AD] - CODED BY SEPULTURA - AUSTRALIA - 1995 -
-=> LIVING-IN-A-DYING-AGE-PERSECUTE-THE-HUMAN-RACE <=-
REFUSE
RESIST
RELOVE
REMATE
SUFFER
REHATE
REJECT
PROGRESS
PROCESS
PROTEST
NO REST
TCE seems to be the next polymorphic generator. The code of that generator contains the text string:
[TCE-0.4]


Top Viruses Visited Pages:
ECW.57
Gorgan.271
Gorill
Guerilla.199
HLLP.Nover.771
Holiday Famil
HS.90
Hydra_II Famil
I-Worm.Mimail.
I-Worm.MyLife.
I-Worm.MyLife.
I-Worm.Sobig.
Ice Famil
IDEA.612
Imi.1536.

 

Main Menu
Home
Top Downloads
New Programs
Awards
Submit
Link to us
Spyware Definitions
Viruses Info
Recipes
Jokes
Contact us

Spyware Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially dangerous utilities/tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 


Partners
Softs Land
Hotel Reservations
Computer Articles
Viruses Info
Free Downloads
Data Recovery Shareware Downloads Free Articles
Cooks Recipes
Download Programs
Windows Drivers
MySpace Generators

Check PageRank

 

 
- Privacy Policy -