Threat Encyclopedia

HALLOWEEN

Malware type: File Infector

Aliases: Halloween(Symantec), Halloween(Sophos), Virus.DOS.HLLP.Halloween(Kaspersky), Helloween #1(Avira), HLLP.Halloween(F-Prot), HLLP.10000a(McAfee)

In the wild: No

Overall risk rating:

For additional information about this threat, see:

Description created: Mar. 9, 2000 1:45:50 PM GMT -0800


TECHNICAL DETAILS


Payload 1: Creates Files

Trigger date 1: October 31st

Trigger condition 1: Date AND infected files are found

Payload 2: Displays Message

Trigger date 1: October 31st

Trigger condition 1: Date AND infected files are found

Details:
Execution Procedure:
1) The virus checks whether it is already resident in memory. If not, it loads itself resident into memory by hooking INT 21h.
2) It then executes the original file.
3) Once resident in memory, it infects any uninfected file that is executed.
Damage: The virus finds an executable file in the current directory (first .EXE, then .COM) and proceeds to infect it. If no uninfected files are found, it displays "Runtime error 002 at 0000:0511" on screen.
Detection Method: Every Oct 31, the virus creates a 10KB-long file and displays: Runtime error 150 at 0000:0AC8.
Note: 1) Loads itself resident in memory. An error message appears if there is an I/O error (such as write protect).

