Virus Database

I-Worm.Abotus

Description I-Worm.Abotus

This is the worm virus spreading via the Internet being attached to infected emails. The worm itself is Windows PE EXE file about 18Kb of length, written in Delphi.
The infected messages have:
Subject: About us
Body: I have included a program which illustrates my opinion about things you wrote me few days ago
Attach: may be different
The worm activates from infected email only in case a user clicks on attached file.
The worm does not installs itself to the system and is not activated anymore (except cases when user clicks on attached email again).
To send infected messages the worm uses Windows MAPI functions and "answers" messages from Email boxes.

Check other viruses! Be aware! Use Antiviral Software

Macro.Excel.Taiwanes.a

Description Macro.Excel.Taiwanes.a
This trojan contains functions: auto_open, WriteBook, OpenExec, OpenConfig, GetPath, DelFiles, SaveProcedure.
On opening an infected file Excel executes "auto_open". This function sets the SaveProcedure function as sheet saving function. On saving this function takes control and displays the MessageBox:
Taiwanese Version 2.1 will now infect your system!

The trojan inserts the commands into the files:
C:AUTOEXEC.BAT:
@Echo Your system has been infected by LATEST MACRO VIRUS Version 2.1 -- Taiwanese
Pause
C:CONFIG.SYS:
Rem You are infected by LATEST MACRO VIRUS Version 2.1-- Taiwanese
[Menu]
MenuItem = WIN95, LATEST MACRO VIRUS Version 2.1
menuitem=DOS, !!!!Safe Recovery!!!!
menudefault=WIN95, 1
[WIN95]
DEVICE=c:WINdowsHIMEM.SYS /TESTMEM:OFF
[DOS]
DEVICE=c:WINdowsHIMEM.SYS /TESTMEM:OFF
DEVICE=c:WINdowsEMM386.EXE RAM NOEMS
FILES = 150
DOS = Low

The trojan erases Word-files. It writes its 26 copies to the Excel startup directory, the file names are BOOK<number from 65 till 90>.XLT and 10000 copies with names SSCAN<0 - 9999>.XLT
Taiwanes.b
This trojan contains functions: auto_open, InterruptKey, ESC, WriteCommand, OpenExec, OpenConfig, GetPath, SaveProcedure.
The same as "Taiwanes.a", but corrupts the COMMAND.COM file and does not creates files in Excel startup directory.
On entering ESCAPE, ENTER, HOME, INSERT, NUMLOCK, PGDN, PGUP, TAB keys calls for "ESC" function and displays a MessageBox in Chinese. After all closes Windows.

Macro.Excel.Tjoro

Description Macro.Excel.Tjoro

This Excel macro virus contains one macro (module) named "NoMercy", the macro contains six functions: Auto_Open, cek_global, infectglobal, inFuckIt, Fuck, Auto_Close.
To infect the system the virus creates the infected GLOBAL.XLM file in Excel startup directory and sets macros Fuck as auto-macro that is called when any sheet is activated. As a result the virus hooks sheets activating, and infects them. While infecting the virus searches for "NoMercy" module to prevent duplicate infection. If there are no such module, the virus copies its code to there.
On 11th of any month the virus displays the MessageBox:
Helloall
Hello there...you are infected with NoMercy!

Home