FANDOM


Virus.DOS.Blazer.1000 is a very dangerous parasitic virus on DOS.

Behavior

When the virus is run, it infects C:\COMMAND.COM and the first uninfected DOS executable file.

Advanced details

This virus attaches itself on COMMAND.COM so that it would be called once when the system starts.

MD5 hash:

03b72805fa577af46e1e0d4c987d4293

Payload

The virus activates when the value of day is equal to month and the hour is equal to minute (e.g. September 9th, 12:12).

It displays a chunk of assembly code, with its logo and copyright notice:

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\ CSEG:OFFS OPCODE        PSEUDO INSTR.  /
/ 1F47:0103 90            NOP            \
\ 1F47:0104 0000          ADD [BX+SI],AL /
/ 1F47:0106 E80000        CALL 0109      \
\ 1F47:0109 5D            POP BP         /
/ 1F47:010A 81ED0901      SUB BP,0109    \
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
          -=≡ßL/\ZΣR≡=- (c)'1994

And deletes all files in the current directory, files in subdirectory are not affected.

If the payload triggers upon system start (executing the infected COMMAND), all files in uppermost directory including hidden system files IO.SYS and MSDOS.SYS, will be deleted. When the computer is rebooted, it will fail to load the system.

Other details

Deleted files are possible to recover using Undelete before rebooting, but the infected files must be replaced with clean copies, or the virus might activate again or hang the system when it is loaded next time.