Guerilla.1996
Description Guerilla.1996
It is a harmless memory resident parasitic polymorphic and stealth virus. It hooks INT 21h and writes itself to the end of EXE files that are closed. While opening an infected file the virus disinfects it, while searching for files (FindFirst/Next) the virus decreases the returned file length - these are virus stealth routines.
The virus does not infect several anti-viruses according to the string (two bytes per name):
TBVIAVNANEVSFIF-IMFVSCQBIV
When several file compressing utilities, anti-viruses and Windows are run, the virus disables its stealth routines. The list of these programs looks as follows: TBSCAN, TBSETUP, WIN, PKZIP, ARJ, RAR, LHA, ADINF.
While installing memory resident the virus scans the system memory for memory resident anti-viruses TBAV, NAV and NEMESIS. If one is found, the virus terminates its installation routine.
The virus also contains the text strings:
NACSBT NIW PUTESBT PIZKP JRA RAR AHL FNIDA
Guerilla 1996 PH
TB*NAVNEM
Check other viruses! Be aware! Use Antiviral Software
Fantom.954
Description Fantom.954
It is a harmless memory resident multipartite virus. It writes itself to the MBR of the hard drive and to the end of EXE files. It is encrypted in files. While accessing to infected MBR the virus calls its stealth routine.
When an infected file is executed, the virus infects the MBR and returns to the host program. While loading from infected MBR the virus hooks INT 8, waits for some time (to pass DOS loading process), then hooks INT 13h and INT 21h. The INT 13h handler contains only stealth routine. INT 21h handler intercepts file execution and calls infection routine. This handler also contains semi-stealth routine that is called on FindFirst/Next DOS calls.
The virus contains the text string:
FANTOM vir. 2.0 -(c)Szczecinek- Dla Malgorzaty P.
Faod.1433
Description Faod.1433
It is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of EXE files that are accessed. To detect its TSR copy ("Are you here?" call) the virus uses INT 21h call with AH=FAh, the memory resident code returns AH=0Dh - this is the reason to name this virus.
The virus has errors and may crash the system. On 23 and 24 of any month depending on the system time the virus displays the message in Russian (means "ASS"):
XXx XX xXX xXXXXXXXXXXx XXXXXXXXXXXx xXXXXXXXXXXX
xXXxXXxXXx XXx xXX XX XX XXx XX
XXXXXX XX XX XX XX XXXXXXXXXXXX
xXXxXXxXXx XXx xXX XX XX XXx xXX
XXx XX xXX xXXXXXXXXXXx XX XX XX XX
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Svenska Serviceguiden
Photo Geographic Sverige
VendelsÖ Parkett
Em & Co Lars-erik Svensson Ab
Elisabeth Kaijser Ortodonti
|