Fellow.1019
Description Fellow.1019
This is a harmless, memory resident infector that hits, in a standard way, .EXE-files that are started. It hooks INT 21h. In September, it displays:
This message is dedicated to
all fellow PC users on Earth
Towards A Better Tomorrow
And A Better Place To Live In
The text "03/03/90 KV KL MAL" present at the end of infected file.
Check other viruses! Be aware! Use Antiviral Software
Macro.Word97.Cyberhack
Description Macro.Word97.Cyberhack
This virus contains 25 macros in module "CyberHack": coba, CyInit, CyClose, Dok2Nor, Nor2Dok, Cyber, Tahan, Simpan, AutoOpen, FileClose, FileOpen, FileSaveAs, FileSave, HelpAbout, FileExit, ToolsOptions, FileNew, FileTemplates, ToolsMacro, ToolsCustomize, ToolsCustomizeKeyboard, ViewVBCode, Organizer.
The virus replicates on executing any auto macro, i.e. on opening documents, closing, saving etc.
The virus erases the menu item Tools/Macro. It also disables macros-viewing hot keys. On Friday on entering the menu item Help/About or on closing Word application the virus displays a form containing an image of virus' authors and their names.
The virus also contains the comments:
Macros By WinK'S Hacker
Picture By Casper Satan
Lebih baik mencoba dari pada tidak tahu sama sekali all
Mohon ma'af bila telah mengganggu Anda.
Microsoft memang gila ! Nambahin fasilitas pemrogramannya
keterlaluan untuk suatu word prosesor.
jangan harap kau datang lagi padaku
Macro.Word97.DasWoo
Description Macro.Word97.DasWoo
This a stealth and polymorphic macro virus. It contains two modules ThisDocument and VC. The first module contains auto-function that is named AutoOpen in infected documents and AutoClose in infected NORMAL.DOT.
So the virus infects other documents on closing and affects the system on opening an infected document.
While infecting the auto-function calls the UserForm_Click function that is placed in the second virus module VC. The infection is performed by export/import virus modules to the temporary C:ONE.SYS and C:TWO.SYS files. The virus then modifies its code, so it is different in NORMAL.DOT and infected documents. For instance, the virus inserts into NORMAL.DOT two more functions to support its stealth ability: ViewVBCode and ToolsMacro. The virus also inserts into the document comments that contains the name of user, current time and path to active printer.
On July 28 the virus displays a window with the text:
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Forhandler Webhotell
IFOS GUMMIAKTIEBOLAG
Proxy Server Free
Myspace Proxy Server
Free Unblocked Proxy Browse
|