Fandom

Malware Wiki

HLLO.Crash

1,326pages on
this wiki
Add New Page
Comments0 Share

Virus.DOS.HLLO.Crash.7227 is an extremely dangerous memory resident file overwriting virus on DOS. It is written in high level programming language.

BehaviorEdit

When the virus is being run, it outputs a message claiming that there is an error on executing the program, at this moment the virus has overwritten 2 files. After that it installs itself into memory, consuming about 88K.

This virus targets only the files in the C:\DOS directory.

The virus first overwrites itself, and then it overwrites the first uninfected EXE executable in C:\DOS, the timestamp of the file will be changed to the time of infection. Files that are smaller than the virus will have a size of 7,227 bytes after infection.

When there are already 2 infected files in the same directory, executing the virus will happen nothing other than displaying an error message or to deliver the payload. If any of the infected files has been removed or replaced with a clean copy, the virus may infect a file again when it is run.

Additionally, there are synonyms which as same as its name, some loaded programs or functions are permanently disabled by the virus, such as DOSKEY history recall and warm reset key command (CTRL-ALT-DEL). Even the user attempts to reload the programs, it would not succeed, and the user must reset the computer in order to execute them properly. On execution of infected program the system might crash.

Files that are overwritten by the virus are impossible to recover and they must be deleted or replaced with clean copies.

Memory usageEdit

The exact memory usage is 89,440 bytes.

PayloadEdit

After the virus has been run for 5 times, it either hangs the system, or activates one of the following behaviors.

Blocking the user from doing tasksEdit

On an execution of any command, the virus jumps a blank line and displays the message:

Bad command or file name.

This blocks the user from executing anything, including internal commands, invalid commands, and CTRL-ALT-DEL. The system becomes completely unusable until the system is rebooted.

It is noticeable that, the original message delivered by the system does not have a full-stop (the dot) at the end.

Corrupt CMOSEdit

The virus may corrupt the CMOS checksum and cause a system reset. This behavior is the same as that of CMOSDead, MyPics, AntiCMOS, and Magistr.

Infinite system resetEdit

It might also cause the system to reset in an endless loop until it is completely crashed, show a black screen of death and would fail to reset anymore (see the screenshot above), but it is still possible to recover from a cold boot.

Other detailsEdit

There are virus sharing the same name, which are relatively harmless.

The virus contains some corrupted internal text strings:

*.*
COMMAN  D
IO.SYS
MS  DOS
Bad comman or file name.

See alsoEdit

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.