Fandom

Malware Wiki

Blazer

1,346pages on
this wiki
Add New Page
Comments0 Share

Virus.DOS.Blazer.1000 is a very dangerous parasitic virus on DOS.

Behavior

When the virus is run, it infects C:\COMMAND.COM and the first uninfected DOS executable file.

Payload

The virus activates when the value of day is equal to month and the hour is equal to minute (e.g. September 9th, 12:12).

It displays a chunk of assembly code, with its logo and copyright notice:

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\ CSEG:OFFS OPCODE        PSEUDO INSTR.  /
/ 1F47:0103 90            NOP            \
\ 1F47:0104 0000          ADD [BX+SI],AL /
/ 1F47:0106 E80000        CALL 0109      \
\ 1F47:0109 5D            POP BP         /
/ 1F47:010A 81ED0901      SUB BP,0109    \
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
          -=≡ßL/\ZΣR≡=- (c)'1994

And deletes all files in the current directory, files in subdirectory are not affected.

If the payload triggers upon system start (executing the infected COMMAND), all files in uppermost directory including hidden system files IO.SYS and MSDOS.SYS, will be deleted. When the computer is rebooted, it will fail to load the system.

Other details

Deleted files are possible to recover using Undelete before rebooting, but the infected files must be replaced with clean copies, or the virus might activate again or hang the system when it is loaded next time.

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.