> Greetings to the list,
> I found 8 Win32/kenston viruses on a CD. I looked for it on Igi's
> page, but I did not find it there. Does anyone know anything about this virus?
> Tomas Martinek

It is a non-resident virus that infects EXE files of the PE type. The virus is encrypted with a simple algorithm using the XOR function with a key length of 1 byte. It imports the addresses of the functions GetProcAddress, LoadLibraryA, FindFirstFileA, FindNextFileA, FindClose, SetFileAttributesA, SetFileTime, CreateFileA, ReadFile, WriteFile, SetFilePointer, CloseHandle and SetCurrentDirectoryA, GetCurrentDirectoryA. After importing the required functions, the virus searches for suitable EXE files in the individual subdirectories and infects them. It marks infected programs by writing the letter "a" at offset 0x3B in the EXE header. The following strings are found in the body of the virus:

Boles and Manning are arrogant facists. They have no computer sk1llz and KENSTON HIGH SCHOOL's computers are 0wn3d. I AM BACK KOONS YOU MOTHERFUCKER dowN wiTh KenSTON..... yOU tRIED tO rID yOUrSELf oF mE BefoRE bUT fAILED HAHAHAHAHAHAHAHAHAHAHAHAHAHAHA

Or also www.google.com => Win32/kenston, approx. 62 pages.

-o:-)ndra-
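A triage check built from the two indicators in the reply above, added here as an example and not part of the original post: it tests for the "a" marker at offset 0x3B of a PE file and tries all 256 one-byte XOR keys for one of the quoted strings. It assumes the quoted strings sit under the one-byte XOR layer; all function names are hypothetical, and the sample files are constructed.

```python
import struct

MARKER_OFFSET = 0x3B             # offset given in the post
MARKER = ord("a")                # letter the virus writes there
NEEDLE = b"KENSTON HIGH SCHOOL"  # substring of a string quoted in the post


def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def has_marker(data: bytes) -> bool:
    # A clean file can also hold 0x61 in this reserved header byte: weak signal.
    return is_pe(data) and data[MARKER_OFFSET] == MARKER


def find_xor_string(data: bytes, needle: bytes = NEEDLE):
    """Try all 256 one-byte keys; return (key, offset) of the first hit or None.
    XORing the short needle instead of the whole file keeps this cheap.
    Key 0 covers the case where the string is stored in the clear (assumption)."""
    for key in range(256):
        pos = data.find(bytes(b ^ key for b in needle))
        if pos != -1:
            return key, pos
    return None


def triage(data: bytes) -> str:
    marker, hit = has_marker(data), find_xor_string(data)
    if marker and hit:
        return "likely infected"
    if marker or hit:
        return "suspicious"
    return "clean"


def build_sample(marker: bool, key=None) -> bytes:
    """Constructed test input: a 64-byte MZ header, a PE signature, filler."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    if marker:
        hdr[MARKER_OFFSET] = MARKER
    body = b"PE\x00\x00" + bytes(32)
    if key is not None:
        body += bytes(b ^ key for b in NEEDLE)
    return bytes(hdr) + body
```

A file that only carries the marker is reported as "suspicious" rather than infected, because the byte at 0x3B is not reserved for this purpose and may be set in unrelated files.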
This archive was generated by hypermail 2.1.2 : 29. 05. 2002, 00:06 CEST