Fandom

Malware Wiki

Accept

1,319pages on
this wiki
Add New Page
Comments0 Share

Virus.DOS.Accept or Accept is a very dangerous memory resident parasitic encrypted DOS virus.

There are 2 variants:

  • Virus.DOS.Accept.3619
  • Virus.DOS.Accept.3773

Behavior Edit

When the virus is loaded into memory, it infects first 4 uninfected executable in both DOS and EXE formats, i.e. 8 files, followed by hooking INT 21h and 7Eh to infect any executable that is run, plus 3 extra files, i.e. the virus infects 4 files on every run.

If the file to be run has been already infected, the virus searches for other 4 uninfected files in same format to infect.

The virus consumes about 8K in memory.

Both variants check and ignore files having any of the filenames:

COMMAND SCAN CLEAN NAV CPAV BOOTSAFE

Accept.3619 Edit

This variant also ignores files having the filename:

VSHIELD

Accept.3773 Edit

This variant also ignores files having any of the filenames:

VSAFE MAVGUARD SHVGUARD VIRTEST VCARE DAILY DISKPART

Memory usage Edit

The following table shows the memory usage of the variants.

Variant Memory usage in bytes
Accept.3619 8,224
Accept.3773 8,384

PayloadEdit

Both variants activate on March 28th and December 20th.

When an infected program is run on any of these days, the virus corrupts the disk sectors and crash the system.

Other detailsEdit

Both variants contain the encrypted internal text strings:

*.COM
*.EXE
747
ME PERDI A ACCEPT, SOY UN PELOTUDO

Accept.3619 also contains the encrypted internal text strings:

COMMANDSCANCLEANVSHIELDNAVCPAVBOOTSAFE

Accept.3773 also contains the encrypted internal text strings:

COMMANDSCANCLEANNAVCPAVBOOTSAFEVSAFEIBMAVSHVGUARDVIRTESTVCAREDAILYDISKPART

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.