today we're taking a look at the SK Windows virus.
This virus infects .exe files,
as well as archive and help files.
However, its infection routine is very meticulous
and very slow,
so I won't be able to show you it in action in this video,
as it requires a lot of different, sort of, components to come together
in order to infect a file.
So, we'll go ahead and run--
I got 4 variants here as you can see.
I'm not sure which one works,
but I know one of them does.
If we run it, we get the error messages as you can see.
"Illegal operation" or "Invalid Win32 program"
If we run Calculator, we'll see it run normally,
but I have seen the payload work,
as we're going to checkout in this video.
Now, if you rename any executable
to any, sort of, any anti-virus that it checks for--
it checks for the name.
In this case, we'll go to Kaspersky's anti-virus, "avp",
and, really quick, let's disable Shared Folders,
so I don't lose anything here.
And when we run it, we should see it delete files or,
if it's like the last take I did of this virus,
it won't do anything,
and I'll have to reshoot it.
Okay, there we go.
It actually worked first try!
I can't believe it!
This is like, the 3rd time I've recorded this virus,
and it actually worked.
So, we ran it,
and, you couldn't see the hard drive activity monitor
on the VM,
as you can see now we're frozen,
and it went through the hard drive.
So, I guess we'll have to restart.
And as we can see,
our disk is no more.
It has overwritten all the data.
Actually, with some text from the author.
What does it say?
I don't know.
What are we talking about?
I'm thinking of a different virus.
But anyway, it deletes all the files,
and all the directories it can find.
And, if I hadn't disabled Shared Folders,
it would've deleted my Shared Folder files as well.
So, virus testing is never a joke.
It can be quite dangerous,
so you gotta know what you're doing,
and you gotta be willing to lose files,
if you're going to play around with malware.
And that is about it for the SK Windows virus.