Skip navigation.
Home

Old file virus?

|

Hi.

I am looking for a standard file virus, you remember the type that propagate itself by infecting other files and so on.

Now for the hard part, i have some requirements:

1. It must NOT crash or corrupt the system, like prevent it from rebooting, i do not want to reinstall each time i run it.

2. It must NOT require a network connection, the testing environment will be totally isolated from networks.

3. It must NOT crash any debugger tools.

4. It must NOT lock files while running.

5. It must NOT alter any ACL on NTFS partitions (Did any virus even bother to do this?)

And...it would be great if it works in Windows XP and newer systems (Ok, i still have Win95/Win98 cd somewhere in an emergency).

If anyone has any to recommend for my research project, i would appreciate it since i have supressed all information i had in my head about file viruses.

Thanks in advance,
Ichinin

kwang2 or something like that

it is a PE infector, adds 12k to each PE file it finds (notepad.exe) and keeps replicating, does not require network

Hidrag.A added about 6k of

Hidrag.A added about 6k of text to each executable

File infector

Win32.Pinfi (Symantec) was a fun one I looked at a while ago. Check Symantec's writeup for the basics. If I can scrounge up a copy, I'll post it.

posted it

Search on...

MD5 2a710bbb5a23bd7154d082f03fce86bd

A/V INFO:
-----------------------------------------------
F-Prot: W32/Parite.B
BitDefender: Win32.Parite.B
Kaspersky: Virus.Win32.Parite.b
ClamAV: W32.Parite.B
AntiVir:

Symantec detects the sample as W32.Pinfi, McAfee as W32/Pate, TrendMicro as PE_PARITE.A.

Ichi -- I don't know if Pinfi meets your original requirements. Check out any of the 29A stuff. They wrote some effective file infectors like yellow fever.