OneHalf (computer virus)
OneHalf is a DOS-based polymorphic computer virus (hybrid boot and file infector). It is also known as Slovak Bomber, Freelove or Explosion-II. It infects the master boot record of the hard disk, COM files and executable files. It will not infect files that have SCAN, CLEAN, FINDVIRU, GUARD, NOD, VSAFE, MSAV or CHKDSK in the name. It is known for its peculiar payload: it encrypts certain parts of the user's hard disk, but then decrypts them on the fly when they are accessed, so the user does not notice anything. The encryption is done by bitwise XORing with a randomly generated key, and it can be reversed simply by XORing with the same bit stream again. However, careless disinfection will result in data loss: if the user removes the virus, which performs the decryption on access, without first decrypting the data, the data will be lost. The virus displays the following message on the 4th, 8th, 10th, 14th, 18th, 20th, 24th, 28th and 30th of any month and under some other conditions:


Dis is one half.
Press any key to continue ...
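
The XOR scheme and the disinfection pitfall described above, modelled as an added example (not code from the virus or from this article). The sector size, the two-byte key and the `boundary` marking which sectors are stored encrypted are assumptions of this model, and the sample data is constructed.

```python
SECTOR = 512  # bytes per sector (assumed for this model)

def xor_stream(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; applying it twice restores the input."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

class Disk:
    """Raw sector store: what a tool sees when nothing filters the reads."""
    def __init__(self, sectors):
        self.sectors = list(sectors)

class ResidentFilter:
    """Models the on-the-fly layer: sectors at or above `boundary` are stored
    XORed with `key` and are transparently decrypted when read."""
    def __init__(self, disk, key, boundary):
        self.disk, self.key, self.boundary = disk, key, boundary

    def encrypt_region(self):
        for n in range(self.boundary, len(self.disk.sectors)):
            self.disk.sectors[n] = xor_stream(self.disk.sectors[n], self.key)

    def read(self, n):
        raw = self.disk.sectors[n]
        return xor_stream(raw, self.key) if n >= self.boundary else raw

def careless_disinfect(filt):
    """Drop the filter (and with it the key) without touching the data."""
    return filt.disk

def safe_disinfect(filt):
    """Decrypt every affected sector with the recovered key, then drop the filter."""
    for n in range(filt.boundary, len(filt.disk.sectors)):
        filt.disk.sectors[n] = xor_stream(filt.disk.sectors[n], filt.key)
    return filt.disk

def make_demo():
    # Constructed sample data: four sectors of recognisable plaintext.
    plain = [bytes([65 + i]) * SECTOR for i in range(4)]
    filt = ResidentFilter(Disk(plain), key=b"\x5a\xc3", boundary=2)  # constructed key
    filt.encrypt_region()
    return plain, filt

if __name__ == "__main__":
    plain, filt = make_demo()
    print("through filter:", all(filt.read(n) == plain[n] for n in range(4)))
    print("careless removal intact:", careless_disinfect(filt).sectors == plain)
    plain, filt = make_demo()
    print("safe removal intact:", safe_disinfect(filt).sectors == plain)
```
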




It is also known as one of the first viruses to implement a technique of "patchy infection", introduced in Bomber.

OneHalf has many variants.


The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 