Abraxas (computer virus)
||This article includes a list of references, but its sources remain unclear because it has insufficient inline citations. (March 2010)|
|Subtype||COM and EXE infector.|
|Point of isolation||Unknown|
|Point of Origin||Russian Federation|
Abraxas, also known as Abraxas5, discovered in April 1993, is an encrypted, overwriting, file infecting computer virus which infects .COM and .EXE files, although it does not infect command.com. It does not become memory resident. Each time an infected file is executed, Abraxas infects the copy of dosshell.com located in the C:\DOS directory (creating the file if it does not exist), as well as one EXE file in the current directory. Due to a bug in the virus, only the first EXE file in any directory is infected.
Abraxas-infected files will become 1,171 bytes in length and contain Abraxas' viral code. The file's date and time in the DOS disk directory listing will be set to the system date and time when infection occurred. The following text strings can be found within the viral code in all Abraxas infected programs:
"*.exe c:\dos\dosshell.com .. MS-DOS (c)1992"
"...For he is not of this day"
"...Nor he of this mind"
Execution of infected programs will also result in the display of a graphic "ABRAXAS" on the system display, accompanied by an ascending scale being played on the system speaker.
Abraxas was created with the PS-MPC virus creation tool, which can be used to create similar, easily detected viruses, which are usually encrypted as well.
More than 20 viruses have appeared which have clearly been produced with the PS-MPC:
- 203 (computer virus)
- 644 (computer virus)
- Abraxas (computer virus)
- ARCV-n (computer virus) Remark: ARCV group has also produced viruses with the TPE and developed the ARCV strain.
- Joshua (computer virus)
- Kersplat (computer virus)
- McWhale (computer virus)
- Mimic (computer virus)
- Small ARCV (computer virus)
- Small EXE (computer virus)
- Swan Song (computer virus)
- "Virus.DOS.Abraxas.Cleton.1518 [Kaspersky Lab] is also known as:". Threat Expert. Retrieved 11 February 2013.