Abraxas (computer virus)
Encyclopedia
Abraxas, also known as Abraxas5, discovered in April 1993, is an encrypted, overwriting, file infecting computer virus
which infects .COM
and .EXE
files, although it does not infect command.com
. It does not become memory resident. Each time an infected file is executed, Abraxas infects the copy of dosshell.com located in the C:\DOS directory (creating the file if it does not exist), as well as one EXE file in the current directory. Due to a bug in the virus, only the first EXE file in any directory is infected.
Abraxas-infected files will become 1,171 byte
s in length and contain Abraxas' viral code. The file's date and time in the DOS
disk directory listing will be set to the system date and time when infection occurred. The following text strings can be found within the viral code in all Abraxas infected programs:
"*.exe c:\dos\dosshell.com .. MS-DOS (c)1992"
"->>ABRAXAS-5<<--"
"...For he is not of this day"
"...Nor he of this mind"
Execution of infected programs will also result in the display of a graphic "ABRAXAS" on the system display, accompanied by an ascending scale being played on the system speaker.
Abraxas was created with the PS-MPC virus creation tool, which can be used to create similar, easily detected viruses, which are usually encrypted as well.
More than 20 viruses have appeared which have clearly been produced with the PS-MPC:
Computer virus
A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...
which infects .COM
COM file
In many computer operating systems, a COM file is a type of executable file; the name is derived from the file name extension .COM. Originally, the term stood for "Command file", a text file containing commands to be issued to the operating system , on many of the Digital Equipment Corporation mini...
and .EXE
EXE
EXE is the common filename extension denoting an executable file in the DOS, OpenVMS, Microsoft Windows, Symbian, and OS/2 operating systems....
files, although it does not infect command.com
COMMAND.COM
COMMAND.COM is the filename of the default operating system shell for DOS operating systems and the default command line interpreter on Windows 95, Windows 98 and Windows Me...
. It does not become memory resident. Each time an infected file is executed, Abraxas infects the copy of dosshell.com located in the C:\DOS directory (creating the file if it does not exist), as well as one EXE file in the current directory. Due to a bug in the virus, only the first EXE file in any directory is infected.
Abraxas-infected files will become 1,171 byte
Byte
The byte is a unit of digital information in computing and telecommunications that most commonly consists of eight bits. Historically, a byte was the number of bits used to encode a single character of text in a computer and for this reason it is the basic addressable element in many computer...
s in length and contain Abraxas' viral code. The file's date and time in the DOS
DOS
DOS, short for "Disk Operating System", is an acronym for several closely related operating systems that dominated the IBM PC compatible market between 1981 and 1995, or until about 2000 if one includes the partially DOS-based Microsoft Windows versions 95, 98, and Millennium Edition.Related...
disk directory listing will be set to the system date and time when infection occurred. The following text strings can be found within the viral code in all Abraxas infected programs:
"*.exe c:\dos\dosshell.com .. MS-DOS (c)1992"
"->>ABRAXAS-5<<--"
"...For he is not of this day"
"...Nor he of this mind"
Execution of infected programs will also result in the display of a graphic "ABRAXAS" on the system display, accompanied by an ascending scale being played on the system speaker.
Abraxas was created with the PS-MPC virus creation tool, which can be used to create similar, easily detected viruses, which are usually encrypted as well.
More than 20 viruses have appeared which have clearly been produced with the PS-MPC:
- 203 (computer virus)
- 644 (computer virus)
- Abraxas (computer virus)
- ARCV-n (computer virus)ARCV-n (computer virus)ARCV-n is a term for a large family of viruses authored by the ARCV group through October - November 1992 and polymorphed with the PS-MPC virus generation tool . ARCV-n viruses seem to infect COM and/or EXE files rapidly, but do not damage the compromised machine, instead displaying various text...
Remark: ARCV group has also produced viruses with the TPE and developed the ARCV strain. - Joshua (computer virus)
- Kersplat (computer virus)
- McWhale (computer virus)
- Mimic (computer virus)
- Small ARCV (computer virus)
- Small EXE (computer virus)
- Swan Song (computer virus)
External links
- Abraxas virus, by McAfee
- PS-MPC Virus Generator, by University of Hamburg
- F-Secure Virus Descriptions : PS-MPC, by Mikko Hypponen, F-Secure
- ARCV Busted!, by DecimatoR
- Virus Writing Groups (A-M), by LineZer0 Network Zine