Virus Database

Email-Worm.Win32.Bagle.eg

Description Email-Worm.Win32.Bagle.eg
This worm is unable to replicate independently. However, all other functionality indicates that it is a member of the Bagle family. The worm was mass mailed using spamming technologies. The worm arrives as an attachment to infected messages. The attachment is a ZIP file approximately 6KB in sizeall.

Check other viruses! Be aware! Use Antiviral Software

MutaGen.273

Description MutaGen.273

MutaGen (MGen) is an ordinary polymorphic generator. It creates the decryption routines and encrypts the virus body, then the virus saves this part of code to the file that it is infecting.
There are several different MutaGen versions, they contain the text strings:
"MutaGen.090": [MutaGen .90ß] MnemoniX
"MutaGen.095": [MutaGen .95ß] MnemoniX
"MutaGen.100": [MutaGen 1.00] MnemoniX
"MutaGen.110": [MutaGen 1.1]MnemoniX
"MutaGen.12": [MutaGen 1.2] MnemoniX
"MutaGen.20": [MutaGen 2.0] MnemoniX

MutaGen.Agent
These viruses are included in distribution package of the MUTAGEN generator. Some of them are nonmemory resident, other stay resident in the memory and hook INT 21h. These viruses write themselves to the end of COM files. They contain one of the strings:
[MutaGenic Agent]
[MutaGenic Agent I]
[MutaGenic Agent II]
MutaGenic Agent ]I[

MutaGen.100.Garden
It is a dangerous nonmemory resident overwriting virus. It searches for three .COM and .EXE files of the current directory and overwrites them. It displays the messages:
Not enough memory.
I need 4K more to start myself!
FUCK PEARL JAM!!!!LONG LIVE TECHNO!!!!

It also contains the strings:
[Garden]This is Garden V1.0.Very simple virus.
New version will be better!!!

MutaGen.100.Secret
It is a dangerous nonmemory resident parasitic virus. It searches for COM files of current directory and writes itself to the end of the file. On 11th of any month it corrupts the COMMAND.COM file, displays the messages and reboots the computer:
I AM GOING TO FUCK YOUR HARD DISK IF YOU DON'T TYPE THE RIGHT PASSWORD.
DON'T TURN OFF YOUR COMPUTER BECAUSE I ALREADY FUCKED YOUR HARD DISK
AND I WILL FIX IT ONLY IF YOU ENTER THE RIGHT PASSWORD!!!
PASSWORD IS:
FUCK YOU!!! HA HA HA HA!!!

It also contains the strings:
[Secret Garden] by Nipple
IN MY SECRET GARDENI'AM LOOKING FOR THE PERFECT FLOWER

MutaGen.110.CF.2055
It is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed or opened. It contains the text string:
[BW] [Cf-252] MnemoniX Californium-252

MutaGen.110.HiTek.2193
It is a harmless nonmemory resident parasitic virus. It searches for .COM and .EXE files and writes itself to the end of the file. It contains the string:
[BW ß] [Hi Tek] by MnemoniX

Mutant.1680

Description Mutant.1680

These are not dangerous memory resident polymorphic viruses. They trace INT 21h, hook INT 1Ch and 21h and then write themselves to the COM and EXE files that are executed. Some time after the activation they plays a tune. They contain the text:
mutant

The viruses use two fairly sophisticated routines. The first one is the polymorphic routine, as a result the length of decryption rouitne varies between 65 and 149 bytes. The second routine is used to infect the files:
the virus looks for the areas that contain the constant bytes, and stores the offsets and lengths of these areas. If total length of these areas is lesser that the virus length, the virus does not infect that file.
the virus compresses these areas, and saves to its code the offsets, lengths and data to restore these areas before return the control to the host program.
the virus selects in the file the block of code, moves that code to the areas that were compressed, and overwrites that block with the encrypted virus code.
As a result, after infection of a file its length doesn't change. The virus re-infects the files, if there still are the areas with constant data. The virus stops infecting if all such areas are compressed.

Home