Virus Database

Mgn.2048.a

Description Mgn.2048.a

These are harmless memory resident encrypted parasitic viruses. They were received from Magnitogorsk city (Russia). The viruses hook INT 8, 13h, 21h and write themselves to the end of COM and EXE files that are executed or closed, the COMMAND.COM file is infected by the algorithm of the "Lehigh" virus. The viruses disinfect the infected files that are opened, they also do not infect the files when the Num-Ins-Ctrl keys are pressed at the same time. Therefore the simplest way to cure a computer infected by such viruses is to process by any anti-virus program all COM and EXE files in all directories on all disks having Num-Ins-Ctrl pressed, and then to reboot the computer.
The viruses contain the string "COMMAND". "Mgn.2560.c" replaces the 50h disk type with the 51h in the Partition Table (these disk types are used by Disk Manager utility). "Mgn.2048" hourly "overturn" the screen. "Mgn.2048.b" contains the text:
Shadow & Safe

"Mgn.2560.a,b,c" periodically display:
+--------------------------------------+
ƒ Mr. Lozinsky ! ƒ
ƒ Just read documentation on your ƒ
ƒ AIDSTEST (1-Oct-90 version) we ƒ
ƒ release new virus. Create improved ƒ
ƒ versions of AIDSTEST, please ! ƒ
ƒ(C) TinySoft&Electronics,Inc. 3-Nov-90ƒ
+--------------------------------------+

"Mgn.3000" sets the screen colors to white/blue/red (the colors of Russian national flag).

MGTU.273

Description MGTU.273

This is a dangerous very primitive nonmemory resident parasitic virus. It searches for all .COM files in the current directory, using FCB from PSP, then it writes itself to the end of the file. The virus does not manifests itself in any way. It contains the text in Russian - "This program is written in MGTU by a student of group IU4" (MGTU - Moscow college).

MGUL.1953

Description MGUL.1953

This is a dangerous memory resident parasitic stealth virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are accessed.
It also hooks INT 1, 3, 8. On June 11th and November 30th, it erases the hard drive MBR. It reboots the computer if the virus is under a debugger. It contains the following string:
MGUL. v2.5

MGUL.1962

Description MGUL.1962

This is a dangerous memory resident parasitic stealth virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are accessed.
It also hooks INT 1, 3, 8. On June 11th and November 30th, it erases the hard drive MBR. It reboots the computer if the virus is under a debugger.

MGUL.925

Description MGUL.925

This is a dangerous memory resident parasitic stealth virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are accessed.
It also hooks INT 8 and sometimes reboots the computer.

Home