This article is about the original Abraxas. For the second version, see Abraxas_II.
There are 7 variants in 3 versions, represented by the following:
There are additional 2 variants which also belong to this family.
This family of viruses uses file replacement overwriting technique to infect files, and they are not recoverable.
Abraxas.1170, 1171, 1200 and 1214
When the virus is run, the virus infects C:\DOS\DOSSHELL.COM, if no such file is found, the virus creates the file. The virus also overwrites an EXE executable in the current directory and copy this infected file to the parent directory for further spreading.
Abraxas.1214 infects C:\COMMAND.COM instead of DOSSHELL.COM.
The timestamp of the infected file will be the time of infection.
After an infection, the virus changes the current directory to one upper level.
This variant is a memory resident. Due to some programming faults, the virus installs itself into memory without infecting any file after the first run. It would infect files on the second run and so on.
After an infection, the virus changes the current directory to one upper level, a copy of the infected EXE file also appears in the parent directory.
This variant is slightly different to the others, see Brain.
The following table shows the memory usage of the variants.
|Variant||Memory usage in bytes|
|Abraxas.1200 (A and B)||Non-TSR|
Abraxas.1170, 1171, 1200 and 1304
When an infected program is run, the virus plays an ascending scale from the system speaker, followed by displaying the following text in ASCII art:
For Abraxas.1200.b, the display of the ASCII art is corrupted.
For Abraxas.1304, due to some programming faults, the audible payload is not triggered on the first run but would display the ASCII art twice. On the second run and so on, the virus would play the scale but no ASCII art will be displayed.
This variant plays a tune which is similar to Burma and displays an indecent ASCII image (with the message "Sara's Groove") that was used in some Groove strains.
This family has 9 variants in total:
- Virus.DOS.Abraxas.1200 (A and B)
- Virus.DOS.Abraxas.Cleton (2 variants)
Also, there are more than 20 viruses have appeared which have clearly been produced with the PS-MPC:
- ARCV-n (Remark: ARCV group has also produced viruses with the TPE and developed the ARCV strain)
- Small ARCV
- Small EXE
- Swan Song
Abraxas was created with the PS-MPC virus creation tool, which can be used to create similar, easily detected viruses, which are usually encrypted as well.
The name "Abraxas" was used for a virus in the game Evolution.
Abraxas.1881 has been identified as Brain by some antiviruses.
Abraxas.1170, 1171, 1200 and 1304 contain the internal text strings:
*.exe c:\dos\dosshell.com .. MS-DOS (c)1992 ->>ABRAXAS-5<<-- ...For he is not of this day ...Nor he of this mind
Abraxas.1214 contains the internal text strings:
*.exe c:\command.com .. Darkest Avenger Isnt dedicated to Sara Gordon Its dedicated to her GROOVE!
Abraxas.1881 contains the internal text strings:
*.exe *.com ..
- List of variants of the Abraxas virus on VX Heaven