Virus Database


Fatty.3008

Description Fatty.3008

It is a very dangerous memory-resident multipartite virus. It affects .COM and .EXE files as well as the MBR of the hard drive and the boot sectors of the C: drive and floppy disks. While infecting .EXE files the virus may corrupt them.
When an infected file is executed, the virus infects the MBR and the boot sector of the C: drive, hooks INT 8, 9, 13h, 17h and 21h, and stays memory resident. When loading from an infected disk, the virus hooks the same vectors except INT 9 and 21h, waits for DOS to finish loading, and then hooks INT 9 and 21h.
By hooking INT 21h the virus infects .COM and .EXE files that are created and then closed; as a result the virus avoids CRC checkers. The INT 13h hook is used for stealth and floppy disk infection. The INT 8 hook is used to hook INT 9 and 21h when installing from an infected disk, and for the trigger routines. INT 17h is used for the "Are you here?" call while installing memory resident.
Trigger routines: by hooking INT 9 the virus, depending on its random counter, either "skips" one key or stuffs a random key into the keyboard buffer. Depending on its counter (INT 8), the virus also stuffs a sequence of keys into the keyboard buffer. Depending on the system date, the virus modifies some data on disk (erases data?).
The virus contains the text strings:
XFATTY by SULPH (c)97
*Manufactured in Vsetin (CZ)
*THANX to Grisoft & Borland
*BIG KISS to my GIRL
*Have FUN, see YA!!X
.COM.EXE

SI.509

Description SI.509

It is a dangerous memory-resident parasitic virus. It hooks INT 1Ch and 21h and intercepts the DOS calls Create/Remove/Change Directory and Create/Open File. On these calls it searches for .COM files in the current directory, then writes itself to the end of the file.
To detect its TSR copy the virus writes the ID word "SI" to the BIOS data area at the address 0:0472 (Warm boot flag). At 10:00 the virus reboots the computer. The virus contains the text:
*.COM

Sibylle

Description Sibylle

It is a dangerous memory-resident parasitic virus. It hooks INT 21h and 2Fh and writes itself to the end of EXE files that are executed. By hooking INT 2Fh the virus detects its already installed TSR copy. Sometimes it sets the file attribute to the Volume Label value. Depending on the current time, this virus overwrites AUTOEXEC.BAT with the strings:
@echo off
:b
echo Looking for Sibylleall
goto b

    Copyright © 2005 Virus-Database.com