Fandom

Malware Wiki

Vanitas

1,319pages on
this wiki
Add New Page
Comments0 Share

Virus.DOS.Vanitas is a dangerous memory resident parasitic encrypted virus on DOS.

There are 5 variants:

  • Virus.DOS.Vanitas.2040 (plus B)
  • Virus.DOS.Vanitas.3712 (A, B and C)

BehaviorEdit

When the virus is in memory, it hooks INT 21h to infect any EXE executable file that are accessed by writing itself to the end the file. The virus does not infect files having the filename:

EMM386 SCAN F-PROT

While installing memory resident the virus also infects the C:\WINDOWS\COMMAND.COM and C:\COMMAND.COM, if available, as they are also in MZ EXE format in DOS version 7.

The virus has a bug and may halt the system while installing memory resident, so debugging is required in order to let the virus to install itself into memory.

PayloadEdit

On March 27 the virus manifests itself by a video effect.

Other detailsEdit

The virus contains the text strings:

VANITAS++ v2.0 GR(c)97 by ANAX.
[E-75] goes to Hell. Have a nice death...

VideosEdit

Virus.DOS23:36

Virus.DOS.Vanitas

Vanitas virus review by danooct1

Virus.DOS.Vanitas16:02

Virus.DOS.Vanitas.3712-0

Virus.DOS.Vanitas.3712

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.