Hellfire.1040
Description Hellfire.1040
These are very dangerous nonmemory resident overwriting viruses, they were published in "Slam #2 E-Zine". The viruses (except "Hellfire.1040,1041.a,b") use simple procedure for encryption virus code. They search for .COM files and overwrite them. The infected files are not recoverable. After infection the viruses display the text:
Bad command or file name
If there are no files for infection or all files are already infected, the viruses display a picture.
This family contains many viruses:
Hellfire.1040
Hellfire.1041.a
Hellfire.1041.b
Hellfire.1085 - encrypted
Hellfire.1086.a - - " -
Hellfire.1086.b - - " -
Hellfire.1089.a - - " -
Hellfire.1089.b - - " -
Hellfire.1091.a - - " -
Hellfire.1091.b - - " -
Hellfire.1091.c - - " -
Hellfire.1091.d - - " -
Hellfire.1099 - - " - set new Int 24h
Hellfire.1101.a - - " - - " -
Hellfire.1101.b - - " - - " -
Hellfire.1122.a - - " - - " - clear and restore file attributes
Hellfire.1122.b - - " - - " - - " -
Hellfire.1123 - - " - - " - - " -
Hellfire.1124.a - - " - - " - - " -
Hellfire.1124.b - - " - - " - - " -
Hellfire.1124.c - - " - - " - - " -
Hellfire.1131 - - " - - " - - " -
Hellfire.1132 - - " - - " - - " -
Hellfire.1133 - - " - - " - - " -
Hellfire.1146 - - " - - " - - " - restore date&time stamp
Hellfire.1147 - - " - - " - - " - - " -
Hellfire.1148 - - " - - " - - " - - " -
text: (c) Michael Egler
Check other viruses! Be aware! Use Antiviral Software
Macro.Word.Czech
Description Macro.Word.Czech
This virus contains two original macros that are copied to five macros while infecting the NORMAL.DOT:
Documents NORMAL.DOT
AutoOpen AutoOpen
AutoClose
Crypt Crypt
ToolsMacro
FileTemplates
The virus replicates itself to the global macros area on opening an infected document, and infects documents that are opened or closed.
On entering the Tools/Macro or File/Templates menu the virus depending on random number sets for current document random numerical password and displays the MessageBox:
ULTRAS
Crypt by ULTRAS [Rioters]
Macro.Word.Daniel.a
Description Macro.Word.Daniel.a
This is an encrypted macro-virus. It contains two macros:
NORMAL.DOT Infected files
MacroManager MacroManager
Word6Menu AutoOpen
When the system opens an infected file, the virus takes control and copies its macros to the global macros area. To get a control the virus not only uses its AutoOpen macro, but also sets its macro "MacroManager" as executed on File/Save command and on Ctrl-S and Ctrl-B keys. When that macro is executed, the virus infects current document.
To hide itself in system the virus removes the menu items that access macros. While infecting a document the virus sets new file summary info fields:
Keywords = "Daniel_Stone"
Comments = "All information should be free."
The virus contains remarked texts:
You've reached! Here is the virus. Enjoy.
This is the Word_Macro_Virus_Daniel_1F - Beta International Version.
Please Support the Virus Concept. Have a nice Day! (BR/US)
|