Abraxas (computer virus)
Abraxas, also known as Abraxas5, discovered in April 1993, is an encrypted, overwriting, file infecting computer virus which infects .COM and .EXE files, although it does not infect command.com. It does not become memory resident. Each time an infected file is executed, Abraxas infects the copy of dosshell.com located in the C:\DOS directory (creating the file if it does not exist), as well as one EXE file in the current directory. Due to a bug in the virus, only the first EXE file in any directory is infected.
Common name | Abraxas |
---|---|
Technical name | Abraxas |
Aliases | Abraxas5 |
Family | N/A |
Classification | Virus |
Type | DOS |
Subtype | COM and EXE infector. |
Isolation | 1993 |
Point of isolation | Unknown |
Point of origin | Russian Federation[1] |
Author(s) | ARCV |
Abraxas-infected files will become 1,171 bytes in length and contain Abraxas' viral code. The file's date and time in the DOS disk directory listing will be set to the system date and time when infection occurred. The following text strings can be found within the viral code in all Abraxas infected programs:
"*.exe c:\dos\dosshell.com .. MS-DOS (c)1992"
"->>ABRAXAS-5<<--"
"...For he is not of this day"
"...Nor he of this mind"
Execution of infected programs will also result in the display of a graphic "ABRAXAS" on the system display, accompanied by an ascending scale being played on the system speaker.
Abraxas was created with the PS-MPC virus creation tool, which can be used to create similar, easily detected viruses, which are usually encrypted as well.
More than 20 viruses have appeared which have clearly been produced with the PS-MPC:
- 203 (computer virus)
- 644 (computer virus)
- Abraxas (computer virus)
- ARCV-n (computer virus) Remark: ARCV group has also produced viruses with the TPE and developed the ARCV strain.
- Joshua (computer virus)
- Kersplat (computer virus)
- McWhale (computer virus)
- Mimic (computer virus)
- Small ARCV (computer virus)
- Small EXE (computer virus)
- Swan Song (computer virus)
The name "Abraxas" was also used for a virus in the video game Tron: Evolution.
See also
References
- "Virus.DOS.Abraxas.Cleton.1518 [Kaspersky Lab] is also known as:". Threat Expert. Archived from the original on 4 March 2016. Retrieved 11 February 2013.
External links
- Abraxas virus, by McAfee
- PS-MPC Virus Generator, by University of Hamburg
- F-Secure Virus Descriptions : PS-MPC, by Mikko Hypponen, F-Secure
- ARCV Busted!, by DecimatoR
- Virus Writing Groups (A-M), by LineZer0 Network Zine