- ABC (computer virus)
Computer virus
Fullname = ABC
Common name = ABC
Technical name = ABC
Family = N/A
Aliases = ABC-2378, ABC.2378, ABC.2905, with variants ABC-2918, ABC-2918B
Classification =Virus
Type =DOS
Subtype = COM andEXE corrupter, other nuisance behaviors
IsolationDate = 1992
Isolation = Unknown
Origin =USSR
Author = UnknownABC, discovered in October 1992, is a memory-resident, file-infecting
computer virus which infectsEXE files and may alter both COM andEXE files. ABC activates on the 13th day of every month.Upon infection, ABC becomes memory-resident at the top of system memory but below the 640
K DOS boundary and hooksinterrupt s 16 and 1C. The copy ofcommand.com pointed to by theCOMSPEC environment variable may also be altered. ABC infects/alters COM and EXE files as they are executed.After infection, total system memory, as measured by the DOS
CHKDSK program, will not be altered, but available free memory will have decreased by approximately 8,960byte s. Altered, but not infected, COM or EXE files will have 4 to 30 bytes added to their length. Infected EXE files (COM files are never infected) have a file length increase of 2,952 to 2,972 bytes, and ABC is located at the end of the infected EXE. An altered/infected file's date and time in the DOS disk directory listing may have been updated to the current system date and time when the file was altered/infected.No text strings are visible within the viral code in infected EXE files, but the following text strings are encrypted within the initial copy of the ABC virus:
:ABC_FFEA:Minsk 8.01.92:ABC
ABC causes keystrokes on the compromised machine to be repeated. It seems double-letter combinations trigger this behavior, e.g. "book" becomes "sic|boook". System hangs may also occur when some programs are executed, a likely side-effect of ABC-induced corruption.
The ABC virus is not to be confused with the
ABC keylogger trojan , written in 2004 by Jan ten Hove. Articles relating to the ABC keylogger trojan can be found [http://www.auditmypc.com/process/keylogger.asp here] and [http://securityresponse.symantec.com/avcenter/venc/data/spyware.abckeylogger.html here] .External links
* [http://www.probertencyclopaedia.com/L2.HTM Computer Viruses (A)] , by Probert Encyclopedia
* [http://vil.nai.com/vil/content/v_98135.htm ABC] , by McAfee
* [http://securityresponse.symantec.com/avcenter/venc/data/abc.html Symantec Security Response - ABC] , by Symantec
Wikimedia Foundation. 2010.