Techguy
December 13, 2000, 06:56 pm
PE_SPACES.1445
Risk rating:
Virus type: File Infector
Destructive: N
Aliases:
W95/SPACES.1445, W95/BUSM.1445, SPACES.1445
Description:
This destructive Windows virus destroys the Master Boot Record (MBR) of the system hard disk if the current system date is June 1. Due to this, the virus also causes boot-up failure. It is memory resident and is capable of infecting both Windows 9x and Windows NT 4.0 systems.
In the wild: Yes
Trigger date 1: June 1st
Payload 1: Corrupt Hard Disk and modifies MBR
Detected by pattern file#: 635
Detected by scan engine#: 5.000
Language:
English
Platform: Windows
Encrypted: Yes
Size of virus: 1,445 Bytes
Details:
Upon execution, this virus checks for copies of itself in the memory. It uses a low level system function or the VXD function, VXDCALLFSMGR_GET_VERSION, to do this. If there are no copies, then it resides in the memory.
It becomes active in the memory and infects all .EXE files executed. It then appends itself at the end of the last section of the host file and increases the size of the file by 1,445 Bytes.
If the current system date is June 1, the virus modifies the MBR of the hard disk, which results in data loss and causes system boot-up failure.
------------------
Thank you for using Help From Techs Support Forums!
Please come again and remember to refer a friend to our site.
Risk rating:
Virus type: File Infector
Destructive: N
Aliases:
W95/SPACES.1445, W95/BUSM.1445, SPACES.1445
Description:
This destructive Windows virus destroys the Master Boot Record (MBR) of the system hard disk if the current system date is June 1. Due to this, the virus also causes boot-up failure. It is memory resident and is capable of infecting both Windows 9x and Windows NT 4.0 systems.
In the wild: Yes
Trigger date 1: June 1st
Payload 1: Corrupt Hard Disk and modifies MBR
Detected by pattern file#: 635
Detected by scan engine#: 5.000
Language:
English
Platform: Windows
Encrypted: Yes
Size of virus: 1,445 Bytes
Details:
Upon execution, this virus checks for copies of itself in the memory. It uses a low level system function or the VXD function, VXDCALLFSMGR_GET_VERSION, to do this. If there are no copies, then it resides in the memory.
It becomes active in the memory and infects all .EXE files executed. It then appends itself at the end of the last section of the host file and increases the size of the file by 1,445 Bytes.
If the current system date is June 1, the virus modifies the MBR of the hard disk, which results in data loss and causes system boot-up failure.
------------------
Thank you for using Help From Techs Support Forums!
Please come again and remember to refer a friend to our site.