Distributed By Amateur Virus Creation & Research Group (AVCR)

Name Of Virus: Connie
-----------------------------------------------------------------------------
Alias: Connie.A (From TBAV 6.26)
-----------------------------------------------------------------------------
Type Of Code: Encrypted with Debugger Trap, Uses Dark Slayer's Mutation Eng.
-----------------------------------------------------------------------------
VSUM Information: (NONE)
-----------------------------------------------------------------------------
Antivirus Detection:
(1) ThunderByte Anti Virus (TBAV) reported files as infected with Connie.A
(2) Frisk Software's F-Protect (F-PROT) reported infected files as nothing.
(3) McAfee Software's Anti Virus (SCAN.EXE) reported infected files as nothing.
(4) Microsoft Anti Virus (MSAV.EXE) reported infected files as nothing.
-----------------------------------------------------------------------------
Execution Results:
On its first run, it hits Command.Com immediately. It traces back to find
where the boot (command.com) was loaded, and then tries to infect it. It does
not change dates or times on infected files, but you will notice an increase
of 1761 bytes in each infected file. This virus will only hit .COM files,
and once executed, goes memory resident.
-----------------------------------------------------------------------------
Cleaning Recommendations: TBAV's TBCLEAN can easily remove it
-----------------------------------------------------------------------------
Researcher's Notes:
Connie will hit all Com files that are executed or copied. It will hit the
original file, and also the copied file as it is moved. It hooks Ints 21, 30,
ED, EE, F0, F5, F6, F9, and FD. Connie sits in memory at location
09F240 - 09FFFF... (High as it can go)

-The W$l-
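
Because the note reports a fixed 1761-byte growth with dates and times left unchanged, a timestamp-based change check misses infected files, while a size comparison against a known-clean snapshot catches both the in-place and the copied case. The following is an added example, not part of the original AVCR note; the snapshot format, the function name and all sample sizes and stamps are assumptions constructed for illustration.

```python
from collections import namedtuple
import ntpath  # parses DOS-style paths on any host OS

GROWTH = 1761  # bytes added to each infected file, per the write-up

Entry = namedtuple("Entry", "size mtime")  # mtime: any consistent integer stamp


def suspect_com_files(baseline, current):
    """Compare a known-clean snapshot with the current one.

    Both arguments map a DOS path to an Entry. Returns sorted (path, reason).
    """
    by_name = {}
    for path, entry in baseline.items():
        by_name.setdefault(ntpath.basename(path).upper(), []).append(entry)
    hits = []
    for path, now in current.items():
        if not path.upper().endswith(".COM"):
            continue  # the write-up says only .COM files are hit
        before = baseline.get(path)
        if before is not None:
            # Same path: grew by the exact amount while the stamp stayed put.
            if now.size - before.size == GROWTH and now.mtime == before.mtime:
                hits.append((path, "grew in place"))
        else:
            # New path: a copy whose size is a known original plus GROWTH.
            originals = by_name.get(ntpath.basename(path).upper(), [])
            if any(now.size - e.size == GROWTH for e in originals):
                hits.append((path, "grown copy"))
    return sorted(hits)


# Constructed sample snapshots (sizes and stamps are made up for illustration).
BASELINE = {
    r"C:\COMMAND.COM": Entry(47845, 700000000),
    r"C:\DOS\FORMAT.COM": Entry(22717, 700000000),
    r"C:\DOS\EDIT.COM": Entry(413, 700000000),
}
CURRENT = {
    r"C:\COMMAND.COM": Entry(47845 + GROWTH, 700000000),  # grew, stamp unchanged
    r"C:\DOS\FORMAT.COM": Entry(22717, 700000000),         # untouched
    r"C:\DOS\EDIT.COM": Entry(500, 700500000),             # ordinary update
    r"A:\FORMAT.COM": Entry(22717 + GROWTH, 700000000),    # copy made later
}

if __name__ == "__main__":
    for path, reason in suspect_com_files(BASELINE, CURRENT):
        print(f"{path}: {reason}")
```

A size match is only a triage signal; confirm any hit with a scanner that identifies Connie.A or by comparing file hashes against clean media.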