GeeZee.464
Description GeeZee.464
It is a dangerous memory resident parasitic virus. It copies itself to DOS data area at address 0053:0000, hooks INT 1Ch, 21h and writes itself to the end of EXE files that are executed or opened. In 30 minutes after installing memory resident the virus clears the screen and halts the computer. The virus contains the string:
Gee_Zee 2
Check other viruses! Be aware! Use Antiviral Software
Macro.Office97.Toraja
Description Macro.Office97.Toraja
This macro-virus infects two MS Office applications: Word documents and Excel Office 97 datasheets. For document compatibility, Office 97 uses Visual Basic Script, which is contained in both Word and Excel files.
Upon opening, the virus infects the system, documents and sheets (AutoOpen macros in Word and Auto_Open in Excel). Upon infection, the virus utilizes the Office 97 functions for importing/exporting (reading/writing) the virus code via the text file, copies its exit code to the text, and then imports it to the infected object.
Upon exiting Word (Auto Exit), Excel is attempted to be infected. The virus performs a DDE-exchange: it starts up Excel with a minimized window and transfers all the information and commands necessary for creating the AutoRecover17.XLS infected file in the Excel start-up directory here. Word infection resulting from Excel occurs in a similar way upon opening a datasheet (Auto_Open). The virus starts up Word with a minimized window, opens Visual Basic Editor, and obtains the virus code from the AutoRevolver17.dat file.
The virus contains the following copyright string:
Created : Toraja High Land 1998 by Marsel - Lina
Modified : July 1999
Macro.PPoint.Attach
Description Macro.PPoint.Attach
This is the first known macro virus infecting MS PowerPoint presentation files. As well as other viruses infecting MS Office applications this is written in Visual Basic for Applications (VBA) language, and for spreading it uses Basic instructions and MS PowerPoint features.
The virus contains one macro that has event-function "UserForm_Terminate", this function is activated each time when UserForm is closed. This is the main virus function and it contains the virus infection routine.
When activated the virus infection routine searches for *.PPT files in the "C:My Documents" directory and subdirectory tree, opens files and copies its macro code to there.
Because of PowerPoint internal structure the virus is able to get control only in case any UserForm exists in target file. The virus checks files for UserForm presence and infects only such presentation. Otherwise the virus skips files and leaves them not infected.
The virus does not manifest itself in any way. It contains the comments, the first line is also used by the virus as the identification text to prevent duplicate infection:
<!--1nternal-->
PPT.Attach v0.1 /1nternal
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Antivirus
Kjøkkenfornyelse
Rotbehandling
Netting
ANDERSSON AUTO I VARBERG AB
|