[VirusName] : Knorkator
[VirusAutor]: Acid Bytes
[Type]
: TSR COM/EXE/BIN/OVL/OVR infector
[Date]
: 09/10/99
[Special F.]: Some retro/anti-debug
technics, safety checks and error handling.
It infects on: execute, open, ext. open, delete, attrib, rename, create
and close !!!
[Based on] : The virus code
is based on no-frills code, using direct manipulation of the MCB chain.
[Size]
: 1000 bytes
[Info]
: This is just a funny virus, with funny payload and so on, nothing really
groundbreaking or new. The code is commented, so newbies may learn from
it.
Feel free to use some of the code in your own virus if you like to.
[Detection] : -AVPv3.0 (build129)-->suspicous,type:ComTsr
-AVGv6.0 --->detected as infected/not specific
-Norton Antivirus v5.00.01 --->no detection
-IKARUS virusUTILITIES v3.13a --->no detection
-Thunderbyte AntiVirus v8.07pro --->detected as Burma.1 virus
--->flags: c,F,L,M,Z,O,B,X,t (guess thats all a virus can have,hehe)
U see, like said it's a fun-virus, which is not prepared to survive in
the wild.
[Contact] :
acidbytes@gmx.net -> IRC: Undernet/#vir/#virus