Welcome to the Virus Encyclopedia of Panda Security.
It is a virus that uses the technique known as EPO (Entry Point Obscuring) in order to infect MSH files.
|First detected on:||Aug. 5, 2005|
|Detection updated on:||Aug. 5, 2005|
|Country of origin:||AUSTRIA|
Damon.C is a proof of concept virus that uses the technique known as EPO (Entry Point Obscuring) in order to infect files with an MSH extension.
By using this method, Damon.C adds its own code to an intermediate point of the code of the original file, which is obtained through a pseudorandom value that consists in the combined size of all the files in the current directory.
This technique hinders the detection of this virus, as it is necessary to analyse the whole file in order to determine if it is infected.
MSH (Microsoft Shell), also known as Monad, is a shell that will replace earlier shells, such as cmd and command. New characteristics of MSH include the capability to interact with .NET objects, among others.
This shell will be included in the Windows Vista operating system, but not by default.
Damon.C is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.