

Virus.DOS.Holiday is a memory-resident parasitic virus on DOS.

There are 3 variants:

  • Virus.DOS.Holiday.2900
  • Virus.DOS.Holiday.3000 (plus B)

Behavior

When the virus is loaded into memory, it hooks INT 21h and writes itself to the end of the executables that are run. A system hang might occur when some of the infected files are run.

The infection size of COM files is fixed while that of EXE is variable.

Holiday.3000 and 3000.b, after infecting the first file, also infect C:\COMMAND.COM, so that the virus is loaded on every system start.

Advanced details

The following table shows the TSR memory usage of the variants.

Variant                  Memory usage in bytes
Holiday.2900             2,912
Holiday.3000 (plus B)    3,008

MD5 hashes:

Variant           Hash
Holiday.2900      5c22db8348e7f7b5e650bcf158681a6a
Holiday.3000      2f90a01e3e88b4f9e774b775eadf204b
Holiday.3000.b    0c7779789af5f4cae8ff95022e6241d3

Payload

Holiday activates on March 3rd.

When an infected program is run, the virus displays a red message box, disables keyboard input and temporarily hangs the system:

ATTENTION!

I'm very sorry, today is my holiday.
So, I can't serve you, cause I want to play on your computers.

DON'T TURN OFF YOUR COMPUTER UNTIL TOMORROW,
OR YOUR DATA WILL BE LOST!!!

I'll be back to serve you tomorrow.

Thank You,

AAA

When the system date advances to March 4th, the virus changes the message:

Thank You for playing, see you...

Please, hit ENTER!

When ENTER is pressed, the computer reboots.

Other details

The virus contains the internal text string:

apa saja
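
A triage sketch built from the indicators listed on this page, added here as an example and not part of the original article: it hashes a file against the three MD5 values and searches the end of the file, where the virus writes itself, for the internal string and the payload text. It assumes those strings are stored unencrypted, which the page does not state; the 4096-byte window and the sample bytes are constructed.

```python
import hashlib

# MD5 values from the table above; they identify the listed samples only,
# not host programs the virus has appended itself to.
KNOWN_MD5 = {
    "5c22db8348e7f7b5e650bcf158681a6a": "Holiday.2900",
    "2f90a01e3e88b4f9e774b775eadf204b": "Holiday.3000",
    "0c7779789af5f4cae8ff95022e6241d3": "Holiday.3000.b",
}
# Strings the page attributes to the virus. Assumption: they are stored
# unencrypted in the appended body; the page does not say so.
MARKERS = (b"apa saja", b"today is my holiday")
# Assumption: window chosen above the largest resident size listed (3,008 bytes).
TAIL_WINDOW = 4096


def triage(data: bytes) -> dict:
    """Classify one file image as known-sample, suspect or no-match."""
    variant = KNOWN_MD5.get(hashlib.md5(data).hexdigest())
    tail = data[-TAIL_WINDOW:]  # the virus writes itself to the end of the file
    hits = [m.decode() for m in MARKERS if m in tail]
    if variant:
        verdict = "known-sample"
    elif hits:
        verdict = "suspect"
    else:
        verdict = "no-match"
    return {"variant": variant, "markers": hits, "verdict": verdict}


# Constructed, inert test data: a tiny COM-style stub (mov ah,4Ch / int 21h)
# and the same stub with filler plus the marker text appended. No virus code.
CLEAN_HOST = bytes([0xB4, 0x4C, 0xCD, 0x21])
SIMULATED_TAIL = b"\x00" * 2000 + b"apa saja" + b"\x00" * 892
SIMULATED_INFECTED = CLEAN_HOST + SIMULATED_TAIL

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_HOST), ("simulated", SIMULATED_INFECTED)):
        print(name, triage(image))
```

A hash match identifies only the exact listed samples; because the virus is parasitic, every infected host has a different hash, so the tail check is the part that generalises.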
