ABC, discovered in October 1992, is a memory-resident, file-infecting computer virus which infects EXE files and may alter both COM and EXE files. ABC activates on the 13th day of every month.
Upon infection, ABC becomes memory-resident at the top of system memory but below the 640K DOS boundary and hooks interrupts 16 and 1C. The copy of command.com pointed to by the COMSPEC environment variable may also be altered. ABC infects/alters COM and EXE files as they are executed.
After infection, total system memory, as measured by the DOS CHKDSK program, will not be altered, but available free memory will have decreased by approximately 8,960 bytes. Altered, but not infected, COM or EXE files will have 4 to 30 bytes added to their length. Infected EXE files (COM files are never infected) have a file length increase of 2,952 to 2,972 bytes, and ABC is located at the end of the infected EXE. An altered/infected file's date and time in the DOS disk directory listing may have been updated to the current system date and time when the file was altered/infected.
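The length changes described above can be checked against a known-good baseline of file sizes. The following is an added example, not part of the original article: it compares two directory listings and labels each COM or EXE file using the byte ranges given above. The file names, sizes and timestamps are constructed sample data, and a matching growth is an indicator to investigate, not proof of infection.

```python
"""Classify file-size growth against a baseline using the ABC size ranges."""
from typing import Dict, List, NamedTuple, Tuple

INFECTED_EXE_GROWTH = range(2952, 2973)  # 2,952 to 2,972 bytes, EXE files only
ALTERED_GROWTH = range(4, 31)            # 4 to 30 bytes, COM or EXE files

class Entry(NamedTuple):
    size: int   # file length in bytes from the directory listing
    mtime: str  # directory date and time, kept as text

def classify(name: str, before: Entry, after: Entry) -> str:
    """Return 'infected', 'altered', 'changed' or 'clean' for one file."""
    ext = name.rsplit(".", 1)[-1].upper() if "." in name else ""
    growth = after.size - before.size
    if ext == "EXE" and growth in INFECTED_EXE_GROWTH:
        return "infected"            # COM files are never infected
    if ext in ("COM", "EXE") and growth in ALTERED_GROWTH:
        return "altered"
    return "clean" if before == after else "changed"

def compare(baseline: Dict[str, Entry],
            current: Dict[str, Entry]) -> List[Tuple[str, str, int, bool]]:
    """List (name, verdict, growth, timestamp_changed) for non-clean files."""
    findings = []
    for name in sorted(baseline.keys() & current.keys()):
        b, c = baseline[name], current[name]
        verdict = classify(name, b, c)
        if verdict != "clean":
            findings.append((name, verdict, c.size - b.size, b.mtime != c.mtime))
    return findings

# Constructed sample listings (not taken from a real system).
BASELINE = {
    "COMMAND.COM": Entry(47845, "1991-04-09 05:00"),
    "EDIT.EXE": Entry(41234, "1991-04-09 05:00"),
    "FORMAT.COM": Entry(22717, "1991-04-09 05:00"),
    "CHKDSK.EXE": Entry(12241, "1991-04-09 05:00"),
}
CURRENT = {
    "COMMAND.COM": Entry(47857, "1992-10-13 09:14"),  # +12 bytes
    "EDIT.EXE": Entry(44194, "1992-10-13 09:15"),     # +2,960 bytes
    "FORMAT.COM": Entry(25677, "1992-10-13 09:16"),   # +2,960 bytes, but COM
    "CHKDSK.EXE": Entry(12241, "1991-04-09 05:00"),   # unchanged
}

if __name__ == "__main__":
    for name, verdict, growth, touched in compare(BASELINE, CURRENT):
        print(f"{name:12} {verdict:8} +{growth} bytes, timestamp changed: {touched}")
```

Because the date and time are only sometimes updated, the timestamp flag is reported alongside the verdict rather than used to decide it.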
No text strings are visible within the viral code in infected EXE files, but the following text strings are encrypted within the initial copy of the ABC virus:
:ABC_FFEA
:Minsk 8.01.92
:ABC
ABC causes keystrokes on the compromised machine to be repeated. It seems double-letter combinations trigger this behavior, e.g. "book" becomes "". System hangs may also occur when some programs are executed, a likely side effect of ABC-induced corruption.
The ABC virus is not to be confused with the ABC keylogger trojan, written in 2004 by Jan ten Hove.