Polish DOS virus Deliver.Stealth.3547

Uploaded by on Sep 7, 2009

PL (English description below):
Use pause if you want to read the description.
A description and demonstration of the special effects of the Polish virus Deliver.Stealth, taken from an old DOS version of the MkS_Vir program.
The virus (after carrying out its destruction) shows an interesting graphical effect, but DOSBox cannot reproduce it correctly, so I ran MkS on my old computer with a P200MMX and recorded the "demo" with a camera.
The melody played by the virus is the theme from the German war film "Das Boot", composed by Klaus Doldinger.

EN:
This is the description (translation below) of the Polish virus Deliver.Stealth.3547 (viruslist.com refers to it as "Deliver.Digi.3547") and also a demonstration of its payload. These are taken from an old version of MkS_Vir, a Polish anti-virus scanner. DOS versions of this software included a very detailed virus encyclopedia, with "demos" of audio and video effects of some viruses.
This virus manifests itself with a pretty interesting video effect, but DOSBox cannot display it properly. I decided to run MkS_Vir on my old machine with P200MMX and record the "demo" with my camera.
The melody played by the virus is, in fact, a main theme from the German war movie "Das Boot", composed by Klaus Doldinger.

This is the English translation of the description:
"This is a dangerous, polymorphic, memory-resident, stealth virus that infects COM and EXE files.
Files are infected upon closing (usually during copying) and execution. They grow by 3547 bytes and the virus modifies their time stamps - it changes the amount of seconds to 60. These changes aren't visible if the virus resides in memory. Antivirus programs which examine files using checksum also won't notice anything, because the residing virus temporarily disinfects files upon opening.
Polymorphic encryption routines are generated in a very primitive way. The author divided his encryption algorithm into 18 parts and wrote five equivalent variants for every one of them (so the whole engine consists of 90 fragments!). The virus builds the routine by putting together randomly selected variants.
This virus contains a destructive payload. From 28th to 31st May, after an infection attempt, it overwrites hard drive tracks (first 20 tracks under every head of disk C:). Then it displays a colorful, animated screen with the words DIGI POWER and plays a few bars of a melody.
This payload (but without video and sound effects) may be triggered also on other days, when some other, additional conditions are met. Use of a debugger may trigger the destruction pretty quickly."
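
Added example (not part of the uploader's description or of MkS_Vir): the quoted description says infected COM and EXE files carry a time stamp whose seconds value is 60, and that this is hidden while the virus is resident. The Python sketch below checks raw FAT directory entries for that marker; it assumes the entries were read from media examined on a clean system, and the sample directory and the `make_entry` helper are constructed test data.

```python
import struct

ENTRY = "<8s3sB10xHHHI"   # name, ext, attr, reserved, time, date, cluster, size (32 bytes)

def decode_dos_time(word):
    """Split a 16-bit DOS/FAT time word into (hour, minute, second)."""
    # Seconds are stored in 2-second units in 5 bits, so field value 30
    # decodes to the impossible value 60 that the description mentions.
    return (word >> 11) & 0x1F, (word >> 5) & 0x3F, (word & 0x1F) * 2

def make_entry(name, ext, size, hour, minute, second):
    """Build a constructed 32-byte directory entry (test data only)."""
    time_word = (hour << 11) | (minute << 5) | (second // 2)
    date_word = ((1996 - 1980) << 9) | (5 << 5) | 27      # constructed date
    return struct.pack(ENTRY, name.ljust(8).encode(), ext.ljust(3).encode(),
                       0x20, time_word, date_word, 2, size)

def suspicious_entries(raw):
    """Return (filename, seconds, size) for COM/EXE entries stamped :60."""
    hits = []
    for off in range(0, len(raw) - 31, 32):
        name, ext, attr, t, _date, _cluster, size = struct.unpack_from(ENTRY, raw, off)
        if name[0] in (0x00, 0xE5) or attr & 0x18:
            continue   # free or deleted slot, volume label, directory, long-name entry
        seconds = decode_dos_time(t)[2]
        if ext in (b"COM", b"EXE") and seconds == 60:
            fname = name.decode("ascii", "replace").rstrip()
            hits.append((fname + "." + ext.decode("ascii", "replace"), seconds, size))
    return hits

# Constructed sample directory: one marked COM file, one clean EXE,
# and one non-executable that happens to carry the same seconds value.
SAMPLE_DIR = (make_entry("EDIT", "COM", 10000 + 3547, 12, 30, 60)
              + make_entry("CHKDSK", "EXE", 12241, 9, 15, 32)
              + make_entry("README", "TXT", 100, 1, 2, 60))

if __name__ == "__main__":
    for fname, seconds, size in suspicious_entries(SAMPLE_DIR):
        print(f"{fname}: seconds={seconds}, size={size} bytes")
```

A hit is only an indicator: the marker says nothing about which program set it, so flagged files still need a scanner or a comparison against known-good copies.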

Category: Entertainment

License: Standard YouTube License

All Comments (4)

  • Sounds like Shaggy's Lonely Lover :D

  • I guess Blueshark was truly only the beginning. He DID say he'd be back.

  • This virus ate up my external hard drive free space. I don't know how that happened, it was also running on a virtual machine.

  • Link to MS-DOS PL!
