F-Secure Virus Descriptions : Rescue
The Rescue virus stays resident in memory and infects EXE files.
The virus allocates 4096 bytes of memory while it's resident.
Infected EXE files grow approximately by 3434 bytes.
The virus displays the following messages by random:
Kill an evil satanic ANTI-VIRAL product for Jesus today!
Stop Disinfectants NOW!
Ain't aLife A Beautiful Choice?
And God Said, "Let There Be Life!", and there was.....
Save the Viruses! They're People Too!!!!
PRO-aLIFE and PROUD! STOP THE VIRUS KILLERS! HALT THE AV!
STORM THE COMPU-CLINICS! DON'T LET THEM KILL THE VIRUSES!!
Operation Rescue-II, Save the HELPLESS UNBORN Viruses!!!
Rescue targets the following antivirus products:
F-PROT.EXE, TBSCAN.EXE, TBAV.EXE, TBCLEAN.EXE, SCAN.EXE, CLEAN.EXE
VIRSTOP.EXE, MSAV.EXE, VSAFE.EXE, CPAV.EXE, FSP.EXE, VDEFEND.EXE
Whenever one of the above products is executed while the virus is
resident in memory, it will be overwritten by a 2169 byte long
trojan horse. When this trojan is run, it displays a colourful screen
with the following texts:
1,000,000,000 Viruses DIED Today! And yesterday, and more will
die tomorrow!
_/\_STOP THE KILLING!_/\_
-==[OPERATION RESCUE II - SAVING THE BABY VIRUSES!!!!]==--
Look What You're Doing To Them!
Below is an aborted virus... Support PRO-aLIFE Activism!
This program has been TERMINATED by the Virus Survival
Underground Movement. It had long stood as a horrible BABY VIRUS
KILLER, and had to be removed. Life, What a Beautiful Choice (tm).
Eddie Lives, Somewhere in time!
1704 Jerusalem Casino :( ;( =( Smeg off!
Frodo Lives! APRIL FOOLS! Get a late pass! Datacrime
Brain Void-Poem Your PC is now STONED!
Copy me, I want to travel!
[Analysis: Mikko Hypponen, F-Secure]
|
