F-Secure Virus Descriptions : Vice
Vice is highly polymorphic virus, which infects COM and EXE
files when they are executed or otherwise accessed.
Vice will not infect files which have a name ending with the following
characters:
ND. (COMMAND.COM)
AN. (SCAN.EXE)
AV. (NAV.EXE, MSAV.EXE, CPAV.EXE, TBAV.EXE)
OT. (F-PROT.EXE)
NU. (Norton Utilities NU.EXE)
In addition, Vice will delete files with the following extensions:
-V? (AVP's crc database)
MS? (MSAV's crc database)
CP? (CPAV's crc database)
Vice can also detect and delete the crc database of Invircible antivirus
program, although Invircible will name it's files randomly.
In some cases Vice will also corrupt BAT files, 'infecting' them as
if they were executable files. Vice will also occasionally corrupt
program files while infecting them; such corrupted files will crash
when executed, and there is no easy way to detect them. Otherwise the
virus only spreads.
Vice allocates approximately 9 kB of memory and contains this text:
Code Journal by Virogen [NuKE]
Vice was reported to be in the wild in USA and Finland in April 1996.
[Analysis: Peter Szor, F-Secure, 1996]
|
