MTZ (variant 1907) is an encrypted, TSR (memory-resident) parasitic infector of .COM files under DOS. When loaded, it first checks the version of DOS that is running and does not load if it is earlier than 5.0. If the version is at least 5.0, it loads into memory and hooks interrupts 3 (for encryption/decryption of infected files), 15 (for BIOS services, likely to monitor and manipulate keyboard input) and 21 (for file access). It then infects .COM files as they are accessed, provided they are at least 2048 bytes in size; smaller files are ignored. Infected files that are subsequently accessed are decrypted to run and then re-encrypted when finished.
Payload: If MTZ is resident in memory and its interrupt 15 handler detects a Ctrl-Alt-Del keypress, the virus switches the display to CGA mode and shows a myriad of dots appearing and fading, accompanied by ticking sounds. It also displays the following text at the top of the screen:
"Y.K.K. - (c) M T Z - Italy!"
"Good Luck Today"
The text alternates colors at random, accompanied by a standard BEEP. The keyboard is locked out, so a hard reset or power-off is required to clear it.