Virus Database

HLLP.Feci.6000

Description HLLP.Feci.6000

This is a very dangerous non-memory resident parasitic virus. It searches for EXE files, and infects them by writing virus code to the beginning of the file. The original file contents is encrypted and moved down while infecting.
If an error occurs while infecting, the virus displays the following standard DOS error message:
General failure reading drive Abort, Retry, Ignore, Fail?
Depending on the system date, the virus erases disk data and displays a message. The message is partly written in Russian. The rest of the message appears as follows:
=== Feci Quod Potui, Faciant Meliora Potentes
This happens on April 10, 11, and 12; and December 28, 29, 30, and 31.

Check other viruses! Be aware! Use Antiviral Software

Macro.Word.Lunar

Description Macro.Word.Lunar

This is an encrypted macro virus. It contains seven macros: autoexec, autoopen, filesave, autoclose, filesaveas, toolsmacro, filetemplates.
The virus infects the global macros area on opening (AutoOpen) or closing (AutoClose) an infected document. It infects the documents that are saved (FileSave) or saved with new name (FileSaveAs).
The virus creates the LUNAR.INI file and writes the text to there:
[virus]
lunar=<number of generation>
author=Hyperlock

This is a stealth-virus - it hooks File/Templates and Tools/Macro, on entering these menus the virus displays the MessageBox:
Microsoft Word
Not enough memory to perform this operation

The virus contains the commented text strings:
WM.Lunar virus
AutoExec macro

Macro.Word.Lunch

Description Macro.Word.Lunch

These viruses contain three macros, two original and one copy:
NORMAL.DOT Infected files
Macro1 FileSave NEWFS
NEWFS
Macro2 NEWAO AutoOpen
NEWAO

The viruses infect the system on AutoOpen and write themselves to files on FileSave. At 12:01 they display message box:
Lunch Time!
Whatya doin' here? Take a lunch break!

Home