Virus Database

Macaroni.1480.a

Description Macaroni.1480.a

Macaroni.1480 is a not dangerous memory resident parasitic virus. It hooks INT 1Ch, 21h and writes itself at the end of COM- and EXE-files that are executed or accessed with FindFirst and FindNext DOS functions. Four hours after infection of system memory the virus manifests itself with the screen "shaking". The virus contains the internal text strings:
Soldier BOB - (c)jan-94 by A:N:O:I
Programmed by Macaroni Ted
Soldier BOB - Made in Sweden
*.com *.exe

Macedonia.400

Description Macedonia.400

It's a memory resident not dangerous virus which moves the TSR-part into Interrupt Vector Table, hooks INT 21h and searches and infects .COM-files of a current directory when the one of the programs is executed. It contains the text string "*.com", from 0:00 till 5:00 o'clock it types: "MacedoniaToTheMacedonians".

Macgyver.1098

Description Macgyver.1098

These are not dangerous memory resident parasitic viruses. They hook INT 21h and write themselves at the end of files that are accessed. Depending on the current date and time they hook INT 08h and also and manifest themselves in different ways. "Macgyver.2803,2824" infect .EXE-files only, other versions hit both COM- and EXE-files. "Macgyver.4480,4645" are stealth viruses, they hook INT 2Ah also. "Macgyver.4112" is a multipartite virus, it hits MBR of hard drive and boot sectors of floppies.
These viruses contain the internal encrypted list of file names which will not be infected:
"Macgyver.2803,2824": SCAN ZTEST EXEGOD
"Macgyver.3160,4112":
SCAN CLEAN PCCILLIN ZTEST ZLOCK VI COMMAND ZLOCKE ZLOCKC DEBTPLUS
"Macgyver.4480": command ibmbio ibmdos
"Macgyver.4645": COMMAND

They also contain the internal encrypted string:
"Macgyver.2803,2824": MACGYVER V1.0 Written by JOEY in Keelung. TAIWAN
"Macgyver.2824.b: * Satan Virus * MAD !! Another Masterpiece of Sax
(c) Copyright 1993 Written by Mad Satanall Ver 2.02
MACGYVER V1.0 Written by JOEY in Keelung. TAIWAN
"Macgyver.4480": MacGyver v4.0 written by Dark Slayer in Keelung,
Taiwan. 93/09/09

By hooking INT 08h "Macgyver.2803,2824,4480" play a tune, "Macgyver.3160" displays the message:
+--------------------+
ƒ * MacGyver V2.2 * ƒ
ƒ Hi! I am MacGyver ƒ
ƒ Written by ƒ
ƒ in Keelung. TAIWAN ƒ
ƒ Don't Worry,I just ƒ
ƒ a Virus. Ha..Ha... ƒ
+--------------------+

"Macgyver.4645" displays:
+--------------------+
ƒ * MacGyver V3.0 * ƒ
ƒ Hi! I am MacGyver ƒ
ƒ Written by ƒ
ƒ Dark Slayer ƒ
ƒ in Keelung. TAIWAN ƒ
ƒ Don't Worry,I just ƒ
ƒ a Virus. Ha..Ha... ƒ
+--------------------+

Macro Virus Development Kit Constructor

Description Macro Virus Development Kit Constructor

This is a macro word tool for creating Macro.Word viruses. It contains the following macros: Install, MVDKMain, MVDKAbout, UnInstall, MVDKPayLoad.
As info about the program it states:
Macro Virus Development Kit
v1.0 beta
(c) 1996, Wild W0rker /DC

It creates text files containing the following macros:
C:FILENEW.TXT
C:FSAVEAS.TXT
C:PAYLOAD.TXT
C:FILEOPEN.TXT
C:FILESAVE.TXT
C:VirusName.TXT
C:AUTOOPEN.TXT
C:AUTOEXEC.TXT

It is able to choose one of the following effects for creating a virus:
Set Password
Erase System Files
Drop File
As a condition, it is possible to chose: Day/Second.
The file C:DROPPER.SCR contains a script with a drop file that has to exist before starting virus creation.
The virus uses a standard drop batch file. It creates the file: C:CONVERT.BAT:
@ECHO OFF
DEBUG.EXE < C:DROPPER.SCR > NUL
DEL C:DROPPER.SCR

It adds a line for executing the created virus dropper at the end of C:AUTOEXEC.BAT
There are two similar versions of this constructor: v1.0 beta and v1.0.

Macro.Access.Detox.a

Description Macro.Access.Detox.a

This virus infects MS Access databases. While infecting, the virus replaces the Autoexec script in databases and copies an additional macro named TDU to the database . This macro contains four subroutines:
TheDetoxUnit
SetStartupProperties
ChangeProperty
Info

When an infected database is opened, the Autoexec macro is activated. In infected databases it immediately calls the virus function TheDetoxUnit that searches for all databases in the current directory and infects them. While searching the virus uses the "*.MDB" mask. Before infecting the virus disables the Tools/Options menu and changes several system parameters: disables viewing macros by using hot-keys and on error while executing macros, enables executing auto-scripts when Shift key is pressed (by default pressed Shift disables auto-scripts).
The Info subroutine contains nothing but comments:
The Detox Unit Access Macro Virus
written by Sin Code IV
(an old friend by any other nameall)

Home