FANDOM


Virus.DOS.HLLO.Crash.7227 is an extremely dangerous memory resident file overwriting virus on DOS. It is written in high level programming language.

BehaviorEdit

When the virus is being run, it outputs a message claiming that there is an error on executing the program, at this moment the virus has overwritten 2 files. After that it installs itself into memory, consuming about 88K.

This virus targets only the files in the C:\DOS directory.

The virus first overwrites itself, and then it overwrites the first uninfected EXE executable file in C:\DOS, the timestamp of the file will be changed to the time of infection. Files that are smaller than the virus will have a size of 7,227 bytes after infection.

When there are already 2 infected files in the same directory, executing the virus will happen nothing other than displaying an error message or to deliver the payload. If any of the infected files has been removed or replaced with a clean copy, the virus may infect a file again when it is run.

Additionally, there are synonyms which as same as its name, some loaded programs or functions are permanently disabled by the virus, such as DOSKEY history recall and warm reset key command (Ctrl+Alt+Del). Even the user attempts to reload the programs, it would not succeed, and the user must reset the computer in order to execute them properly. On execution of infected program the system might crash.

Files that are overwritten by the virus are impossible to recover and they must be deleted or replaced with clean copies.

Advanced detailsEdit

The TSR memory usage of the virus is 89,440 bytes.

MD5 hash:

d330311be7ff8cf8d062b7bdc80c2b42

PayloadEdit

After the virus has been run 5 times, depend on the current system state, it activates by either hanging the system, or one of the following behaviors.

Denial of executionEdit

On an execution of any command, the virus jumps a blank line and displays the message:

Bad command or file name.

This blocks the user from executing anything, including internal commands, invalid commands, and also warm reset. The system becomes completely unusable until the system is rebooted.

It is noticeable that, the original message delivered by the system does not have a full-stop (the dot) at the end.

Corrupt CMOSEdit

The virus may corrupt the CMOS checksum and reset the system, the user must enter the settings again on next boot. This behavior is the similar to that in CMOSDead, MyPics, AntiCMOS, and Magistr.

Infinite system resetEdit

It might also cause the system to reset in an endless loop until it is completely crashed, show a black screen of death and would fail to reset anymore (see the screenshot above), but it is still possible to recover from a cold boot.

Other detailsEdit

There are virus sharing the same name, which are relatively harmless.

The virus contains some corrupted internal text strings:

*.*
COMMAN  D
IO.SYS
MS  DOS
Bad comman or file name.

See alsoEdit

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.