AAV


Virus.DOS.AAV.8824 or AAV is a virus that runs on MS-DOS.

Payload

AAV is a memory-resident parasitic virus. It hooks INT 10h, 13h, 16h and 21h and stays memory resident.

When any file is executed, on a DOS GetDiskSpace call, or in its INT 10h handler, if the system is not busy, the virus searches for .COM and .EXE files and writes itself to the end of the file.

The virus pays special attention to the C:\COMMAND.COM file and infects it in a way similar to the "Peasant" virus: it overwrites the beginning of COMMAND.COM with a 512-byte virus loader and saves the original COMMAND.COM header and the rest of the virus code to unused sectors of the first track on the hard drive.

When the infected COMMAND.COM is executed, the virus loader reads the rest of the virus code from the hard drive, stays memory resident, then restores the original beginning of COMMAND.COM and returns control.
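A defender-side triage check for the hiding place described above, as an added example that is not part of the original wiki entry: it parses the MBR of a raw disk image and lists the sectors between the MBR and the first partition that hold data. The function names and the sample image are constructed for illustration; boot managers and disk overlays also use this area, so a hit is a lead to examine, not proof of infection.

```python
import struct

SECTOR = 512

def first_track_slack(image: bytes):
    """Return (first partition LBA, LBAs of data-bearing sectors before it)."""
    mbr = image[:SECTOR]
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no valid MBR boot signature")
    starts = []
    for i in range(4):  # four 16-byte partition entries at offset 446
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        lba_start, = struct.unpack_from("<I", entry, 8)
        if entry[4] != 0 and lba_start > 0:  # entry[4] is the partition type
            starts.append(lba_start)
    if not starts:
        raise ValueError("no partitions defined")
    first = min(starts)
    flagged = []
    for lba in range(1, first):  # sector 0 is the MBR itself
        sec = image[lba * SECTOR:(lba + 1) * SECTOR]
        if len(sec) < SECTOR:
            break  # truncated image
        # A sector filled with one byte value (0x00, 0xF6, ...) counts as unused.
        if len(set(sec)) > 1:
            flagged.append(lba)
    return first, flagged

def build_sample_image() -> bytes:
    """Constructed image: one partition at LBA 63, filler data in sectors 10-11."""
    img = bytearray(SECTOR * 71)
    struct.pack_into("<B3sB3sII", img, 446,
                     0x80, b"\x00\x01\x01", 0x06, b"\x00\x00\x00", 63, 2048)
    img[510:512] = b"\x55\xaa"
    for lba in (10, 11):
        img[lba * SECTOR:(lba + 1) * SECTOR] = bytes(range(256)) * 2
    img[20 * SECTOR:21 * SECTOR] = b"\xf6" * SECTOR  # uniform fill, not flagged
    return bytes(img)

if __name__ == "__main__":
    first, flagged = first_track_slack(build_sample_image())
    print(f"first partition at LBA {first}; sectors holding data: {flagged}")
```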

This method of infection may corrupt data and files. The virus may also halt the system while going memory resident: it uses a rather complex way of hooking and releasing interrupts and may corrupt the DOS kernel.

Depending on the system time, date and several other conditions, the virus displays messages in Chinese and in English:

THIS FILE MAY BE INFECTED WITH VIRUS
TO KILL VIRUS,YOU CAN REINSTALL THIS FILE
IDEARS AUTO_ANTI_VIRUS SOFTWARE GROUP    AAV  MARK:4540055520
AUTO_ANTI_VIRUS
THIS FILE IS SAFE     THANKS FOR USE  AAV
IDEARS AUTO_ANTI_VIRUS SOFTWARE GROUP    AAV  MARK:4540055520
