- 0 Talk
-
Shoerec
| Shoerec | |
| Type | File virus |
|---|---|
| Creator | |
| Date Discovered | 2000.03.21 |
| Place of Origin | |
| Source Language | |
| Platform | MS Windows |
| File type(s) | .exe |
| Infection Length | |
| Reported Costs | |
Shoerec is a virus with a payload similar to that of Magistr. Another part of its payload pays tribute to the Brain virus.
Behavior
Edit
Added by WikiaBotWhen executed, Shoerec generates a random letter andf searches for all files in the current directory with that name three times. It infects Portable executables, hiding as a process thread and then appending itself to the file.
Four months after the initial infection, the virus activates a payload similar to that of Magistr. It causes icons to move away from the cursor as if trying to run away from it.
There is another payload that activates on the 1st, 2nd or 3rd of any month. It infects files on these days with a trojan routine. Seven months after infecting the files, the routine will erase all files on the current drive. It also createsd and overwrites the WIN.COM with either random junk or the following text (paying homage to Brain):
(c) 1999 Brain & Amjads (pvt) Ltd VIRUS_SHOE RECORD v20.0 Dedicated to the dynamic memories of millions of virus who are no longer with us today - Thanks
OriginEdit
Shoerec was originally posted to newsgroups as the files FUN.EXE, BOXING.EXE or NOSTRESS.EXE. Its icon made it look like a Shockwave file. When executed, it showed an image of a boxer.
SourcesEdit
Kaspersky Lab. SecureList, Virus.Win9x.Shoerec. 2001.01.14
Proland, Shoerec virus
