Welcome to the Virus Encyclopedia of Panda Security.
It carries out damaging actions on the affected computer.
It does not spread automatically using its own means.
|First detected on:|
|Detection updated on:||Oct. 9, 2002|
| Rideon.4313 is an MS-DOS virus that infects executable files with a COM extension. It is a memory resident encrypted and polymorphic virus. It also uses several anti-debugging, anti-simulation and anti-heuristic techniques to make it more difficult to detect and examine it. However, the virus avoids infecting files when it is located in the Novell Network system. |
The action it carries out is based on deleting the antivirus program files. Furthermore, on 4th July, it triggers its payload. This consists of deleting the content of the CMOS memory and displaying a certain text message on the screen.
This virus was created in 1999 by the Spanish virus author known as "The Wizard".
In order to carry out its infection, the virus writes its encrypted code to the end of the infected file when it is closed. Furthermore, it is capable of disinfecting the 'bait' files when they are opened. When the files used as bait are closed, Rideon.4313 reinfects them. Finally, it avoids attacking files, which are used as "infection bait", or files that have sequential names.
Rideon.4313 targets certain antivirus programs, searching for and eliminating the following CRC files, corresponding to each one:
On the 4th July of any year, the virus triggers its payload. This consists of deleting the content of the CMOS. In addition, the following text message is displayed on the screen:
-- [RIDEON] (c) ThE_WiZArD / DDT (Spain) --
Along with this message, it displays the word RIDEON generated using ASCII characters.