Virus Database

Ekoterror

Description Ekoterror

It's a memory resident dangerous multipartite stealth virus. On execution of infected file it writes itself into MBR of hard drive (it occupies the sectors from 0/0/1 till 0/0/5 - track/head/sector) and returns the control to the host program. On loading from infected sector it hooks INT 8, 13h, then by using INT 8 it hooks INT 21h and writes itself at the beginning of the .COM-files on their creating.
Sometimes it decrypts and types:
EkoTerror (C) 1991 ATK-toimisto P.Linkola Oy
Kovalevysi on poistettu käytöstä luonnonsuojelun nimessä.
Vihreässä yhteiskunnassa ei saa olla ydinsähköllä toimivia kovalevyjä.

and then hangs up the computer. It infects incorrectly some types of hard drives, DOS hangs up on loading in these cases.

Check other viruses! Be aware! Use Antiviral Software

Lithium.4113

Description Lithium.4113

It is not a dangerous memory resident multipartite polymorphic and stealth virus. It infects COM, EXE files, the MBR of the hard drive and boot sector on floppy disks. When an infected file is executed, the virus infects the MBR and returns control to the host program. While loading from infected disk the virus hooks INT 13h, waits for DOS loading, then hooks INT 21h. By hooking INT 13h the virus infects floppy disk boot sector and run its stealth routine while accessing to the infected disks. By hooking INT 21h the virus also runs its stealth routine as well as affects DOS executable files that are accessed. The virus disables its stealth routines when PKZIP or BACKUP utilities are active. The virus also checks the file names and does not infect several anti-viruses and utilities according to the list:
CHKD F- VIR SCAN CLEAN VSHI ITAV SKUD AVIR MSAV CPAV VSAF VWAT NAV THS TB
VI- FLU ATP DOO WOLF QUA

Depending on the system date the virus runs some video effect. The virus contains the text strings:
Lithium
Nuotando nel miele
Accecati dalla luce
Oppressi dalla liberta'
Nauseati dai falsi e facili sorrisi
Lottiamo per trovare qualcosa in cui credere.
Le note della rabbia e dell'instabilita'
sono il detonatore della voglia di proseguireall
...'CAUSE WE'RE ALIVE!
You'llKnowWhatNITROMeans!
byATPY
GENOCIDEYouthEnergy

LittBrother Family

Description LittBrother Family

There are harmless memory resident companion viruses. They copy themselves into the DOS data area and hook INT 21h. When an .EXE file is executing, these viruses create the COM files with the same name but .COM extension.
Several of these viruses contain the text: "Little Brother".
On November, 3rd some of the viruses display the messages:
"LittBrother.349": DID YOU VOTE, SHITHEAD??
"LittBrother.385": Elvis is dead!Virus: Elvis is Dead
Author: Dead Elvis [FLooD]

On January, 1st "LittBrother.393,398" display:
"LittBrother.393,395": Ein gutes neues Jahr !
"LittBrother.398": Working on New year ???

Home