- ABC (computer virus)
Fullname = ABC
Common name = ABC
Technical name = ABC
Family = N/A
Aliases = ABC-2378, ABC.2378, ABC.2905, with variants ABC-2918, ABC-2918B
Subtype = COM and EXE corrupter, other nuisance behaviors
IsolationDate = 1992
Isolation = Unknown
Author = Unknown
Upon infection, ABC becomes memory-resident at the top of system memory but below the 640K DOS boundary and hooks interrupts 16 and 1C. The copy of command.com pointed to by the COMSPEC environment variable may also be altered. ABC infects/alters COM and EXE files as they are executed.
After infection, total system memory, as measured by the DOS CHKDSK program, will not be altered, but available free memory will have decreased by approximately 8,960 bytes. Altered, but not infected, COM or EXE files will have 4 to 30 bytes added to their length. Infected EXE files (COM files are never infected) have a file length increase of 2,952 to 2,972 bytes, and ABC is located at the end of the infected EXE. An altered/infected file's date and time in the DOS disk directory listing may have been updated to the current system date and time when the file was altered/infected.
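The length changes described above can be checked against a baseline directory listing. The following is an added example, not part of the original article: it assumes file sizes and timestamps were recorded before the suspected infection, and the function names, labels and sample listings are constructed for illustration.

```python
"""Triage file-size deltas against the growth ranges the article gives for ABC."""
from typing import NamedTuple

ALTERED_GROWTH = range(4, 31)        # 4 to 30 bytes: altered, not infected
INFECTED_GROWTH = range(2952, 2973)  # 2,952 to 2,972 bytes: infected EXE

class Entry(NamedTuple):
    size: int   # file length in bytes
    mtime: int  # directory timestamp, epoch seconds

def classify(name: str, old: Entry, new: Entry) -> str:
    """Label one file by comparing its baseline and current directory entry."""
    ext = name.rsplit(".", 1)[-1].upper() if "." in name else ""
    if ext not in ("COM", "EXE"):
        return "out-of-scope"
    growth = new.size - old.size
    if growth == 0:
        return "size-unchanged"
    # Only EXE files carry the appended virus body; COM files are never infected.
    if ext == "EXE" and growth in INFECTED_GROWTH:
        label = "exe-growth-matches-infection"
    elif growth in ALTERED_GROWTH:
        label = "growth-matches-alteration"
    else:
        return "changed-unrelated-size"
    # The timestamp may or may not be refreshed, so it only strengthens a match.
    if new.mtime > old.mtime:
        label += "+timestamp-updated"
    return label

def triage(baseline: dict, current: dict) -> dict:
    """Return {filename: label} for every file present in both listings."""
    shared = sorted(baseline.keys() & current.keys())
    return {name: classify(name, baseline[name], current[name]) for name in shared}

# Constructed sample listings (sizes and timestamps are illustrative only).
T0, T1 = 700_000_000, 720_000_000
BASELINE = {"EDIT.EXE": Entry(40000, T0), "MEM.EXE": Entry(32000, T0),
            "MORE.COM": Entry(2600, T0), "SORT.EXE": Entry(6900, T0),
            "README.TXT": Entry(1200, T0)}
CURRENT = {"EDIT.EXE": Entry(42960, T1),   # +2,960 bytes, timestamp refreshed
           "MEM.EXE": Entry(32012, T0),    # +12 bytes, timestamp kept
           "MORE.COM": Entry(5560, T1),    # +2,960 bytes on a COM file
           "SORT.EXE": Entry(6900, T0),    # no change
           "README.TXT": Entry(1300, T1)}  # not a COM or EXE file

if __name__ == "__main__":
    for fname, verdict in triage(BASELINE, CURRENT).items():
        print(f"{fname:12} {verdict}")
```

A size match is only a lead for further analysis, since unrelated updates can change a file's length by a similar amount.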
No text strings are visible within the viral code in infected EXE files, but the following text strings are encrypted within the initial copy of the ABC virus:
ABC causes keystrokes on the compromised machine to be repeated. It seems double-letter combinations trigger this behavior, e.g. "book" becomes "boook". System hangs may also occur when some programs are executed, a likely side-effect of ABC-induced corruption.
The ABC virus is not to be confused with the ABC keylogger trojan, written in 2004 by Jan ten Hove. Articles relating to the ABC keylogger trojan can be found [http://www.auditmypc.com/process/keylogger.asp here] and [http://securityresponse.symantec.com/avcenter/venc/data/spyware.abckeylogger.html here].
Wikimedia Foundation. 2010.