OneHalf

From Wikipedia, the free encyclopedia
  (Redirected from OneHalf (computer virus))
Jump to: navigation, search
OneHalf
Common name OneHalf
Technical name OneHalf
Aliases Slovak Bomber
Family OneHalf
Classification Virus
Type DOS
Subtype file and boot infector
Isolation 1994
Point of isolation Unknown
Point of Origin Slovakia

OneHalf is a DOS-based polymorphic computer virus (hybrid boot and file infector) discovered in October,1994.[1] It is also known as Slovak Bomber, Freelove or Explosion-II.[2] It infects master boot record of the hard disk, and files with extensions .COM, .SCR and .EXE.[3] It will not infect files that have SCAN, CLEAN, FINDVIRU, GUARD, NOD, VSAFE, MSAV or CHKDSK in the name.[4] It is known for its peculiar payload: it encrypts certain parts of user's Hard disk, but then decrypts them at the moment of access, thus user does not notice anything. The encryption is done by bitwise XORing by a randomly generated key, which can be decrypted simply by XORing with the same bit stream again. However, careless disinfection will result in data loss; if the user does not decrypt the data, then destroys the virus which decrypts and accesses it, the data will be lost. The virus will display the following message on 4th, 8th, 10th, 14th, 18th, 20th, 24th, 28th and 30th of any month and under some other conditions:[4]

Dis is one half.

Press any key to continue ...[5]

It is also known as one of the first viruses to implement a technique of "patchy infection", introduced in Bomber.

OneHalf has many variants.[6]

References[edit]

  1. ^ "One Half Virus". VSUM. Retrieved 13 February 2013. 
  2. ^ http://www.f-secure.com/v-descs/one_half.shtml
  3. ^ "One-half virus". Proland Software. Retrieved 13 February 2013. 
  4. ^ a b http://virus.wikidot.com/onehalf
  5. ^ "One_Half". Symantec. Retrieved 13 February 2013. 
  6. ^ "One Half". ESET. Retrieved 13 February 2013. 

External links[edit]