ExeBug.d
Description ExeBug.d
This is a family of boot and multipartite stealth viruses. They hook INT 13h and write themselves to the MBR of the hard drive and boot sectors of the floppy disks. Multipartite viruses of that family overwrite the headers of EXE file with a virus dropper. Other viruses overwrite the EXE files with trojan programs that erase the hard drive sectors when infected files are executed.
It occupies two sectors and hooks INT 1Ch, but there is only the first virus sector in my collection, and it is not enough for complete analysis.
Check other viruses! Be aware! Use Antiviral Software
DAN.WMA.451
Description DAN.WMA.451
It is a dangerous memory resident multipartite virus. While executing an infected file the virus infects the MBR of the hard drive and returns to DOS. The virus stays memory resident while loading from infected disk (the virus also infects the MBR while loading from infected floppy). The virus hooks INT 13h, waits for DOS loading, then hooks INT 21h and writes itself to the end of COM files that are executed. While accessing to floppy disks the virus overwrites the boot sector. The virus has the bugs, and can halt the system while infecting a floppy disk. The virus contains the text string:
wma
Danny.872
Description Danny.872
It is not a dangerous memory resident parasitic virus. It hooks INT 8, 21h and writes itself to the end of .COM files (except COMMAND.COM) that are executed. If the system date's year is less than 1992, the virus decrypts and displays the message and then halts the computer:
Invalid date. System halted.
On October 17th the virus depending on its internal counter decrypts and displays the message:
Today is Danny's birthday! She is now ?? years old.
Press any key
where 'xx' is a number: current year minus 1973.
The virus also contains the text strings:
[Uni}amp] virus 1992
command.com
|