Virus Database

Exploit.HTML.Iframe.FileDownload

Description Exploit.HTML.Iframe.FileDownload
Exploit takes advantage of a security breach in MS Internet Explorer 5.01, 5.5 and Outlook. Some Internet worms use this breach to activate themselves from HTML e-mail messages. Examples of such worms are: Aliz, BadtransII, Nimda, and Toil. This vulnerability allows for the opening or previewingall

Check other viruses! Be aware! Use Antiviral Software

Norway.673

Description Norway.673

It is not a dangerous nonmemory resident encrypted parasitic virus. It searches for .COM files and writes itself to the end of the file. On May, 17th the virus displays the message:
Happy birthday, Norway!

NoSmoking.1000

Description NoSmoking.1000

These are not dangerous nonmemory resident encrypted parasitic viruses. They search for .COM files and write themselves to the end of the file. They contain the string:
Kamchatka

Nosmoking.1000
Depending on its internal counter it disinfects the host file and displays one of the messages:
Water detect in Co-processor !
I am hungry ! Insert hamburger into drive A:
No smoking, please ! Thanks.
Don't beat me!
Attention ! Hard Disk is Radioactive !
I'm so much dirty! Clean me !
Kiss my keyboard !
Keep smiling !
Warning ! In drive A: are two diskettes.
I don't understand you.
Insert tractor toilet paper into printer.
Hard Disk's head has been destroyed. Can you borrow me your one ?
Coca-Cola is it !

Nosmoking.1575
It leaves memory resident program that hooks INT 21h but does not infect the files. If there were no errors during infection, that virus calls trigger routine. As the first, the virus gets server name to which infected computer is connected. The virus performs it by using GET FILE SERVER INFORMATION function (INT 21h, AH=E3, this is one of Novell Netware functions, as well as all function listed below). If there are several servers in net, that function returns the name of server which was used as the first one on login procedure.
Then the virus gets number of users are connected to that server (by using the same GET FILE SERVER INFORMATION function), gets its own computer number (GET CONNECTION NUMBER, INT 21h, AH=DCh), selects two of connected computers (by using its own random generator) and gets names and net addresses of these computers by GET CONNECTION INFORMATION function.
After selecting two computers that are connected to netware, the virus generates the phrase like:
NAME: Text

where "NAME" is netware name of first selected computer, "Text" is one of the strings:
Friday I'm in LOVE !
No smoking, please !
Thanks.

and sends it to another computer. It looks like one of the netware users jokes with another one. On next executions of that virus it sends the message again and again.
This virus also contains the text:
Kamchatka/FRIDAY

Home