

Virus.DOS.BlackIce.1930 is a dangerous, memory-resident, parasitic, polymorphic, encrypted DOS virus.

Behavior

When the virus is loaded into memory, it hooks INT 21h and infects any EXE executable that is run by writing itself to the end of the file. It does not infect files smaller than 65,536 bytes (64 KB).

The infection size varies from file to file.

The virus might crash the system when infecting some files.

The virus does not infect the following anti-virus programs:

SCAN, CLEAN, F-PROT

Memory usage

The exact memory usage is 5,008 bytes.

Payload

When any program is run between August and December inclusive while the virus is in memory, it attempts to delete all the files in the current directory and those in every subdirectory.

While deleting, the virus displays the following line in red for every deleted file:

|Deleted  (file) | Don°t Worry BlackIce is Working for U

However, the virus contains bugs that cause it to crash the system during deletion.

Other details

The virus contains the encrypted internal text string:

by Phil Katz ITALY. See U Soon

References

Securelist (Kaspersky Labs), Virus.DOS.BlackIce.1930
