Abraxas (computer virus)
From Wikipedia, the free encyclopedia
| Common name | Abraxas |
|---|---|
| Technical name | Abraxas |
| Aliases | Abraxas5 |
| Family | N/A |
| Classification | Virus |
| Type | DOS |
| Subtype | COM and EXE infector. |
| Isolation | 1993 |
| Point of Isolation | Unknown |
| Point of Origin | Europe |
| Author(s) | ARCV |
Abraxas, also known as Abraxas5, discovered in April of 1993, is an encrypted, overwriting, file infecting computer virus which infects .COM and .EXE files, although it does not infect command.com. It does not become memory resident. Each time an infected file is executed, Abraxas infects the copy of dosshell.com located in the C:\DOS directory (creating the file if it doesn't exist), as well as one EXE file in the current directory. Due to a bug in the virus, only the first EXE file in any directory is infected.
Abraxas-infected files will become 1,171 bytes in length contain Abraxas' viral code. The file's date and time in the DOS disk directory listing will be set to the system date and time when infection occurred. The following text strings can be found within the viral code in all Abraxas infected programs:
"*.exe c:\dos\dosshell.com .. MS-DOS (c)1992"
"->>ABRAXAS-5<<--"
"...For he is not of this day"
"...Nor he of this mind"
Execution of infected programs will also result in the display of a graphic "ABRAXAS" on the system display, accompanied by an ascending scale being played on the system speaker.
Abraxas was created with the PS-MPC virus creation tool, which can be used to create similar, easily detected viruses, which are usually encrypted as well.
More than 20 viruses have appeared which have clearly been produced with the PS-MPC:
- 203 (computer virus)
- 644 (computer virus)
- Abraxas (computer virus)
- ARCV-n (computer virus) Remark: ARCV group has also produced viruses with the TPE and developed the ARCV strain.
- Joshua (computer virus)
- Kersplat (computer virus)
- McWhale (computer virus)
- Mimic (computer virus)
- Small_ARCV (computer virus)
- Small_EXE (computer virus)
- Swan_Song (computer virus)
[edit] See also
[edit] External links
- Abraxas virus, by McAfee
- PS-MPC Virus Generator, by University of Hamburg
- F-Secure Virus Descriptions : PS-MPC, by Mikko Hypponen, F-Secure
- ARCV Busted!, by DecimatoR
- Virus Writing Groups (A-M), by LineZer0 Network Zine
