Fandom

Malware Wiki

Digi

1,336pages on
this wiki
Add New Page
Comments0 Share

Virus.DOS.Deliver.Digi.3547 is a dangerous memory resident polymorphic encrypted stealth virus on DOS.

Behavior

When the virus is loaded into memory, it hooks INT 1, 3, 1Ch and 21hto infect any DOS executable that is run, by writing itself to the end of the file.

While creating, opening or running executables it stores their names, and hits them on the files closing. On opening of infected files the virus disinfects them. On FindFirst/Next DOS calls it "decreases" the infected file length.

The virus deletes files having the filename:

CHKLIST

While the execution of CHKDSK utility it disables its FindFirst/Next handler, while execution of MKS anti-virus scanner it temporarily stops the infection. It disables the debugging of the virus code by hooking INT 1, 3.

Memory usage

The exact memory usage is 5,376 bytes.

Payload

On May, from 28th till 31th the virus overwrites the hard drive sectors with the strings:

DIGI POWER

Then it manifests itself with the video and sound effects, and displays the message:

DIGI POWER

THIS IS A NEW ... DELIVER II SÆëâlÆH (R) WRITE BY DiGiT! ... SOUTH POLAND 1995

Videos

Virus.DOS.Digi02:28

Virus.DOS.Digi.3547 (Revisited)

Digi virus review by Alles Sandro

Digi DOS Virus02:46

Digi DOS Virus

Virus.DOS.Deliver.Digi.3547 on Standalone PC

Virus.DOS.Deliver.Digi01:16

Virus.DOS.Deliver.Digi.3547

Virus.DOS.Deliver.Digi.3547 on Virtual PC

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.