Virus Database

HLLP.Feci.6000

Description HLLP.Feci.6000

This is a very dangerous non-memory resident parasitic virus. It searches for EXE files, and infects them by writing virus code to the beginning of the file. The original file contents is encrypted and moved down while infecting.
If an error occurs while infecting, the virus displays the following standard DOS error message:
General failure reading drive Abort, Retry, Ignore, Fail?
Depending on the system date, the virus erases disk data and displays a message. The message is partly written in Russian. The rest of the message appears as follows:
=== Feci Quod Potui, Faciant Meliora Potentes
This happens on April 10, 11, and 12; and December 28, 29, 30, and 31.

Check other viruses! Be aware! Use Antiviral Software

Shoe.1904

Description Shoe.1904

It is a very dangerous memory resident polymorphic parasitic virus. It copies itself to UMB, if there is a free block, or to the conventional memory, hooks INT 8, 21h and writes itself to the end of EXE files that are accessed. On 1st of any even month (February, April, all) the virus erases the disk sectors and displays the message:
OOPS .. Sorry
For help call now:
555-SHOE or
555-RGNE
No rights reserved by M.WEINHOLD

Shrapnel.6067

Description Shrapnel.6067

It is a dangerous memory resident multipartite stealth virus. It writes itself to the end of COM, EXE and NewEXE files (Windows) as well as to the MBR of the hard drive and boot sector of floppy disks.
When an infected file is executed, the virus checks the presence of MS Windows. If Windows is installed, the virus searches for EXE files in the current directory and infects them. Then the virus infects the MBR of the hard drive. If Windows is installed, the virus uses direct calls to hard drive ports to write data to the disk. The virus then returns control to the host program.
While loading from an infected disk the virus hooks INT 13h, 1Ch, waits for DOS loading process and hooks INT 21h, 2Fh. The virus then writes itself to the end of files that are executed. When PKZIP or ARJ archivers are run, the virus disables its stealth routines. The virus does not infect the files (anti-viruses, utilities, and more) TBAV, COMMAND, WIN, SCAN, AVP, F-PROT, NAV and so on according to the string (two letters per name):
TBCOWISCVIAVVAF-NAVSIVFIFVIMQBMSDODESW

The virus deletes the file:
C:WINDOWSSYSTEMIOSUBSYSHSFLOP.PDR

Depending on its counters the virus creates the subdirectory SHRAPNEL on the disk.
The virus also contains the texts:
SHRAPNEL v1.0 by PH Made in the USA
*.EXE

Home

Viruses from A to Z
0-9 A B Ñ D E F G H I J
K L M N O P Q R S T
U V W X Y Z

    Copyright © 2005 Virus-Database.com
© 2005 Virus-Database.com