Fandom

Malware Wiki

Apo

1,327pages on
this wiki
Add New Page
Comments0 Share

Virus.DOS.Apo.2108 or Apo is a virus that runs on MS-DOS.

DetailsEdit

Apo is a memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the beginning of .COM and end of .EXE files that are executed. While infection of the files the virus renames them to the name X$X$$X$X.$X$, infects and then renames back to original name.

While infecting .EXE files the virus corrects several fields in EXE header: the virus increases the length of EXE header to cover original contents of the file. As a result the original file body is defined as EXE header, and while loading such file info the memory DOS loads only the virus body. Then the virus opens the host file, restores the fields in EXE header, executes host file, and then writes "infected" fields back to EXE header.

The virus also hooks INT 1Ch and some time after installation erases the disk sectors. The virus has the bugs, and in some cases halts the computer. The virus contains the encrypted text string:

ApoVir

MediaEdit

No images or videos available.

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.