|Place of Origin||Mechelen, Belgium|
|Infection Length||73,728 bytes|
When an infected file is executed, Scrambler creates a copy of its code in the Windows System folder. The file name will be five random characters along with a .exe extension. It will be used later for sending the virus through IRC channels and email.
Scrambler then looks in the Windows folder for files to infect. It avoids files beginning with the letters 'E', 'P', 'R', 'T' and 'W'. It will also infect all .exe files in the mIRC Download folder regardless of what characters appear in its file name, assuming this folder exists. It prepends itself to these files.
If it finds one, it overwrites the SCRIPT.INI file in the standard mIRC directories on drives C:, D:, E: and F:. The virus writes a short script that sends itself to each user on the channel the infected user is on. It also creates a Visual Basic script named SCRAMBLER.VBS which will connect to MS Outlook and send a copy of itself to the user's first 90 contacts. The message will be empty and the subject will be "Check this out, it's funny!".
It then creates a file named WINSTART.BAT in the Windows folder, which blanks the screen and displays the message "Today.. I'm going to scramble your mind..". It also creates the file SCRAM.SYS that contains the text "Scrambler by Gigabyte". It also scans the hard drives for .MP3 files and corrupts them.
This variant is the only one for which the source code is available. It is mostly similar with a few negligible exceptions. It avoids files with file names beginning with the letters 'P', 'R', 'E', 'T', 'W' or 'w', files with 'D' as the fourth letter or 'R' as the sixth letter.
This variant is similar to the previous two. It is named for a band the creator was fond of. Its email message contains the subject "Subject: Faster.. harder.. your PC will run like a scooter!" and an attachment of five random characters followed by .exe. A bulk of the file size is an MP3 file containing a sample of music by the band scooter, which it unpacks to the Windows System folder. It also creates a file there named SCOOTER.SYS with the text "Faster.. harder.. scooter!".
F-Secure Antivirus, Threat Description: Scrambler. 2000.09
Gigabyte. Scrambler.B source code.