Fowl.3072
Description Fowl.3072
It is a dangerous memory resident multipartite virus. While executing an infected file or while loading from an infected floppy disk the virus infects the active boot sector of the hard drive. The virus stays memory resident only while loading from infected disk (hard drive or floppy disk). The virus hooks INT 9, waits for DOS loading, and hooks INT 28h. Then the virus waits for the end of DOS installation procedure, allocates the block of conventional memory, copies itself into there and hooks INT 13h, 21h. Then the virus writes itself to the end of EXE files that are executed and infects boot sectors of the floppy disks that are accessed. Depending of the system date the virus erases the hard drive sectors.
Check other viruses! Be aware! Use Antiviral Software
Macro.Access.Detox.a
Description Macro.Access.Detox.a
This virus infects MS Access databases. While infecting, the virus replaces the Autoexec script in databases and copies an additional macro named TDU to the database . This macro contains four subroutines:
TheDetoxUnit
SetStartupProperties
ChangeProperty
Info
When an infected database is opened, the Autoexec macro is activated. In infected databases it immediately calls the virus function TheDetoxUnit that searches for all databases in the current directory and infects them. While searching the virus uses the "*.MDB" mask. Before infecting the virus disables the Tools/Options menu and changes several system parameters: disables viewing macros by using hot-keys and on error while executing macros, enables executing auto-scripts when Shift key is pressed (by default pressed Shift disables auto-scripts).
The Info subroutine contains nothing but comments:
The Detox Unit Access Macro Virus
written by Sin Code IV
(an old friend by any other nameall)
Macro.Access.Lovely
Description Macro.Access.Lovely
This virus infects MS Access databases. While infecting the virus replaces in databases the Autoexec script and copies to database additional form named "Jo". This form contains a module with one function "Jg".
When infected database is opened the virus searches for all databases in the current directory and infects them. While searching the virus uses the "*.MDB" mask.
Before infecting the virus changes several system parameters: disables viewing macros by using hot-keys and on error while executing macros. The virus does not have any payload procedure.
The virus contains the "copyright" text:
Copyright (C) 1998 by FlyShadow ~^^~ - Lovely
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Specialarbeten I Helsingborg Aktiebolag
MÖller, Anders
Bankeryds MÅleri & Golv Aktiebolag
EntreprenadstÄd I VÄxjÖ
Mf RÖrteknik Ab
|