FANDOM


Virus.DOS.MtE.Groove is a memory resident parasitic virus on DOS.

Behavior

When an infected file is run, the virus installs itself into memory at the top of system memory, just below the 640K DOS boundary, hooking INT 21 to infect any executable file that is run later on. The time and date of infected files are changed to that of the system at the time of infection. Groove will avoid infecting files below a certain size.

At half past midnight on any day, it will show the following message:

Dont wory, you are not alone at this hour...
ThisVirus is NOT dedicated to Sara
its dedicated to her Groove (...Thats my name)
This Virus is only a test Virus there for
be ready for my Next Test ....

If the following AntiVirus products are present on the system, Groove will attempt to corrupt or delete the product's datafiles: Symantec's Norton Anti-Virus, Certus' Novi, Central Point Anti-Virus, Dr. Solomon's Anti-Viral Toolkit, Fifth Generation Systems' Untouchable, and XTree's ViruSafe with the following files affected:

C:\NAV_._NO
C:\NOVIRCVR.CTS
C:\NOVIPERF.DAT
C:\CPAV\CHKLIST.CPS
C:\TOOLKIT\FILES.LST
C:\UNTOUCH\UT.UT1
C:\UNTOUCH\UT.UT2
C:\VS.VS

Due to possibly poor programming or a bug in the virus code, files infected with Groove often do not work properly. If COMMAND.COM becomes infected, the system can be rendered unbootable.

The virus uses a modified version of the Dark Avenger Mutation Engine (DAME) for its encryption, it also was the first virus to use this engine to infect EXE files.

Other details

This virus was also implemented in Abraxas.1214, which also contains an indecent ASCII image. However, this was used also in Walker.

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.