Abraxas (computer virus)

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Abraxas
Common name Abraxas
Technical name Abraxas
Aliases Abraxas5
Family N/A
Classification Virus
Type DOS
Subtype COM and EXE infector.
Isolation 1993
Point of isolation Unknown
Point of Origin Russian Federation[1]
Author(s) ARCV

Abraxas, also known as Abraxas5, discovered in April 1993, is an encrypted, overwriting, file infecting computer virus which infects .COM and .EXE files, although it does not infect command.com. It does not become memory resident. Each time an infected file is executed, Abraxas infects the copy of dosshell.com located in the C:\DOS directory (creating the file if it does not exist), as well as one EXE file in the current directory. Due to a bug in the virus, only the first EXE file in any directory is infected.

Abraxas-infected files will become 1,171 bytes in length and contain Abraxas' viral code. The file's date and time in the DOS disk directory listing will be set to the system date and time when infection occurred. The following text strings can be found within the viral code in all Abraxas infected programs:

"*.exe c:\dos\dosshell.com .. MS-DOS (c)1992"

"->>ABRAXAS-5<<--"

"...For he is not of this day"

"...Nor he of this mind"

Execution of infected programs will also result in the display of a graphic "ABRAXAS" on the system display, accompanied by an ascending scale being played on the system speaker.

Abraxas was created with the PS-MPC virus creation tool, which can be used to create similar, easily detected viruses, which are usually encrypted as well.

More than 20 viruses have appeared which have clearly been produced with the PS-MPC:

See also[edit]

References[edit]

  1. ^ "Virus.DOS.Abraxas.Cleton.1518 [Kaspersky Lab] is also known as:". Threat Expert. Retrieved 11 February 2013. 

External links[edit]