Virus Database

GGM Family

Description GGM Family

These are not dangerous memory resident parasitic viruses. They hook INT 8, 21h and write themselves to the end of .EXE files. As the first the "GGM.936" virus infect the C:DOSSMARTDRV.EXE file. Then that virus infects the files that are executed. That virus checks the file name, compares the name beginning (two letters) with the string:
sctbclf-fp

and does not infect the anti-viruses SCAN, TB*, CLEAN, F-PROT and FPROT.
"GGM.898" infects only one file - C:TESTTESTTESTTESTTEST.EXE, and seems to be a test virus.
By hooking INT 8 the viruses checks the text that is typed and echoed on the screen. When the string "givegodmode" is entered, the virus adds the string "65535". When "iamtheboss" is entered, the virus puts to the keyboard buffer: "ctty com". When the string "checkboxports" is entered, the virus writes some data to the COM1 port.

Check other viruses! Be aware! Use Antiviral Software

Downloader.Win32.Harnig

Description Downloader.Win32.Harnig
This Trojan is written in Assembler.
Installation
Harnig copies itself as an .exe file and a .dll file with the same random name in the Windows directory. The .exe version is registered in the system registry auto-run key as:
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
The Trojan also creates the following file in the Windows directory:
WININIT.INI
Malicious effects
Harnig downloads Backdoor.Afcore.aa from http//system.hoha.ru/x.pl?10 and launches it. Backdoor.Afcore.aa functions identically to Backdoor.Afcore.q

DPN.623

Description DPN.623

It is a dangerous memory resident parasitic virus. It hooks INT 1Ch, 21h and writes itself to the end of .COM-files that are executed or opened. Depending on the system timer it reboots the computer. It contains the internal text string:
DPN

Home