

Virus.DOS.Apo.2108 or Apo is a virus that runs on MS-DOS.

Details

Apo is a memory-resident, encrypted, parasitic virus. It hooks INT 21h and writes itself to the beginning of .COM files and to the end of .EXE files that are executed. Once a file has been selected for infection, the virus renames it to X$X$$X$X.$X$, infects it, then renames it back to its original name.

While infecting .EXE files, the virus modifies several fields in the EXE header: it increases the declared length of the EXE header so that it covers the original contents of the file. As a result, the original file body is treated as part of the EXE header, and when loading such a file into memory DOS loads only the virus body. The virus then opens the host file, restores the fields in the EXE header, executes the host file, and then writes the "infected" fields back to the EXE header.
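
A defender-side check for the header trick described above, as an added example that is not part of the original article: it parses the MZ header and flags files whose declared header spans most of the file and is filled with non-padding data. The function names, the `max_ratio` threshold and the sample files are assumptions made for illustration; the samples contain filler bytes only.

```python
import struct

# The 14 little-endian words that make up the 28-byte DOS MZ header.
MZ_FIELDS = ("e_magic e_cblp e_cp e_crlc e_cparhdr e_minalloc e_maxalloc "
             "e_ss e_sp e_csum e_ip e_cs e_lfarlc e_ovno").split()

def parse_mz(data):
    if len(data) < 28 or data[:2] not in (b"MZ", b"ZM"):
        raise ValueError("not an MZ executable")
    return dict(zip(MZ_FIELDS, struct.unpack_from("<14H", data)))

def header_report(data, max_ratio=0.5):
    """Flag an EXE whose declared header swallows most of the file.
    max_ratio is an assumed triage threshold, not a published signature."""
    h = parse_mz(data)
    header_bytes = h["e_cparhdr"] * 16          # header size is in paragraphs
    image_bytes = h["e_cp"] * 512               # file size in 512-byte pages
    if h["e_cblp"]:                             # last page only partly used
        image_bytes -= 512 - h["e_cblp"]
    # Bytes the header really needs: fixed fields plus the relocation table.
    needed = max(28, h["e_lfarlc"] + 4 * h["e_crlc"])
    slack = data[needed:min(header_bytes, len(data))]
    nonzero = sum(1 for b in slack if b)
    ratio = header_bytes / image_bytes if image_bytes else 1.0
    return {
        "header_bytes": header_bytes,
        "load_bytes": max(image_bytes - header_bytes, 0),  # what DOS loads
        "slack_nonzero": nonzero,
        "suspicious": ratio > max_ratio and nonzero > len(slack) // 2,
    }

def build_exe(header_paras, body, tail=b""):
    """Constructed sample: 32-byte header, no relocations, filler bytes only."""
    total = 32 + len(body) + len(tail)
    hdr = struct.pack("<14H", 0x5A4D, total % 512, -(-total // 512), 0,
                      header_paras, 0, 0xFFFF, 0, 0, 0, 0, 0, 0x1C, 0)
    return hdr.ljust(32, b"\0") + body + tail

if __name__ == "__main__":
    body = b"\x90" * 4064                        # stands in for a host program
    clean = build_exe(2, body)
    # Header declared as 256 paragraphs so it spans the whole original file;
    # the 2108 filler bytes stand in for an appended body of the page's size.
    inflated = build_exe(256, body, b"\xCC" * 2108)
    for name, sample in (("clean", clean), ("inflated", inflated)):
        print(name, header_report(sample))
```

Legitimate executables can also carry data in header slack, so a hit is a triage signal to inspect the file, not a verdict.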

The virus also hooks INT 1Ch and, some time after installation, erases disk sectors. The virus has bugs and in some cases halts the computer. The virus contains the encrypted text string:

ApoVir
