Virus Database


Description Andromeda.758

It's a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself at the end of .COM-files (except COMMAND.COM). It searches for the files for infection on execution of any program. On infection it uses FCB functions of file reading/writing. On October, 5th it erases the FAT of A: drive. It contains the internal text string "[ANDROMEDA V1.1] BUDAPEST HUNGARY".


Description Andry.2900
It is a dangerous memory resident parasitic virus. It hooks INT 9, 21h and writes itself to the end of COM and EXE files that are executed. After infecting a file the virus attempts to infect the COMMAND.COM file in the root directory on the current disk.
The virus has errors and infects files two and more times. It also installs itself in the memory so many times as infected programs are executed. As a result in some time DOS memory will be occupied by virus copy and the system will not load any application.
By hooking INT 9 (keyboard) the virus depending "eats" each 100th keystroke. On March 1st the virus displays the message:
| xxxxx xxx xx xxxxx xxxxxx xx xx |
| xx xx xx x xx xx x xx xx xx xx |
| xxxxxxx xx x xx xx xx xxxxxx xx |
| xx xx xx x xx xx x xx xx xx |
| xx xx xx xxx xxxxx xx xx xx |
| |
| xxxxx xx xx xxxxxx xx xxxxx xxxxxxxx xx xxxxx xxx xx |
| xx xx xx xx xx xx xx xx xx xx xx xx x xx |
| xx xxxxxxx xxxxxx xx xxxxx xx xx xxxxxxx xx x xx |
| xx xx xx xx xx xx xx xx xx xx xx xx x xx |
| xxxxx xx xx xx xx xx xxxxx xx xx xx xx xx xxx |
The virus then waits for March 2nd and displays:
The virus also contains the text string:
~INA (ž) 1997 Hackware Technology Research~


Description Andry.565

Harmless memory resident virus. It hooks INT 21h and writes itself to the end of executed COM files. Makes no indications of itself on an infected system. Contains a string:
ViRuZ by Andry Christian


Description Andryushka.3536

These are very dangerous memory-resident polymorphic viruses. They affect COM- and EXE-files (excluding COMMAND.COM) whenever an infected file is started (search in directories). "Andryushka" also infect files from its TSR-copy (when the files are opened, run, renamed and so on). After getting infection from virus "Andryushka.3536" EXE-files are changed to COM-format (see the "VACSINA" viruses). The virus penetrates into the middle of a file. The part of the infected file where the virus has been written to is encrypted and placed at the end of the infected file.
The virus creates counters in the Boot-sectors of disks and depending on the counters values may corrupt some sectors on the disk C:. On doing this the virus plays a tune and displays the following text:
ƒ Hello!!! ƒ
ƒ My name is Andryushka ƒ
ƒ I come from Perm,USSR ƒ

The virus also contains the text: "insufficient memory". "Andryushka" works with interrupt handlers fairly well: it saves a part of the INT 25h handler in its own body and writes its code (call to INT 21h) into the emptied place. When INT 25h is called its handler is restored.


Description Andy.998

These are dangerous memory resident parasitic viruses. They hook INT 21h, 28h and infect COM files that are executed. The viruses have bugs and halt the system if there is no UMB memory. While infecting they write themselves to the end of the file. The viruses do not infect files immediately when they are executed, but delay it up to INT 28h call (DOS internal idle). So they infect files in the "background".
"Andy.998" also hooks INT 13h and on 15th of any month writes data to disk instead of reading. This definitely corrupts data on the disk. "Andy.1016.b" hooks INT 13h as well, but it disables writing to disks on any day, that corrupts data that is copied or modified. "Andy.1016.a" hooks INT 1Ch and depending on their internal counters changes color of the screen and disables keyboard.
The viruses contain the texts:
"Andy.998": ANDY-3
"Andy.1016.a": ANDY-1
"Andy.1016.b": ANDY-2


Viruses from A to Z
0-9 A B D E F G H I J

Seo Marketing
Cheap Ipods
Carmen Electra
Fg Marder

    Copyright © 2005
© 2005