Virus Database

33.525

Description 33.525

This is a dangerous memory resident parasitic virus. It traces and hooks INT 21h, and writes itself to the end of COM files that are executed or searched by DOS functions FindFirst/Next ASCII. The infected files contain the word "33" at their ends. The 10th generation of this virus reboots the computer.

Check other viruses! Be aware! Use Antiviral Software

Macro.Excel97.Papa.a

Description Macro.Excel97.Papa.a

This macro virus is based on the code of Word macro virus "Melissa" . The virus replicates under Excel97, but it does not infect other workbooks. Instead of this the worm sends own copies in Email messages by using MS Outlook. Because of its infection method, this is much more worm than ordinary macro virus.
The worm code contains one procedure Workbook_Open in module ThisDocument that automatically runs on opening workbook. To send its copies via email the virus uses VisualBasic abilities to activate other MS Windows applications and use their routines: the virus gets access to MS Outlook (if it is installed on the computer) and calls its functions. The virus gets from each Outlook address list of up to sixty addresses and sends to them a new message.
This massage has:
The subject: "Fwd: Workbook from all.net and Fred Cohen".
Message body: "Urgent info inside. Disregard macro warning."
The message also has attached workbook - it is current (worm's) workbook, and it is infected.
Depending on the system random counter (in one case from 3) the worm floods either web site "Fred Cohen & Associates" or site with IP address 24.1.84.100.

Macro.Excel97.Phantom

Description Macro.Excel97.Phantom

This is a stealth Excel97 macro-virus. It infects Excel97 spreadsheets (XLS-files). The virus contains two modules: ArtiLife and Replicator. The ArtiLife module contains the auto-function "auto_open". When an infected sheet is opened, the "auto_open" function takes control, infects Excel and sets the DeliverPayload function on execution at 16:00:00. While infecting Excel, the virus creates the infected ~XL.XLA in the Excel Start-up Path directory.
The virus is quite an unusual for macro-viruses: it has a parasitic-virus-like stealth mechanism - the virus removes its modules from sheets upon opening them and infects them again upon closing.
The DeliverPayload that is executed at 16:00 outputs the texts to the StatusBar:
The Phantom
Is watching you!
Beware!

Home

Viruses from A to Z
0-9 A B Ñ D E F G H I J
K L M N O P Q R S T
U V W X Y Z



Suchmaschinenoptimierung
Usb Stick
Wage Advance Loans
Biloppretting
Hamilton Headsets

    Copyright © 2005 Virus-Database.com
© 2005 Virus-Database.com