I-Worm.Apost (AKA "Readme")
Description I-Worm.Apost (AKA "Readme")
This is a virus-worm that spreads via the Internet as an attachment to infected e-mails. The worm itself is a Windows PE EXE file about 25Kb in length and written in Visual Basic Script.
The infected messages contain the following:
Subject: As per your request!
Attach: README.EXE
Body: Please find attached file for your review.
I look forward to hear from you again very soon. Thank you.
The worm activates from infected e-mail only in the case when a user clicks on the attached file. The worm then installs itself to the system, runs the spreading routine, and displays two fake messages:
While installing, the worm copies itself to the Windows directory with the README.EXE name and registers that file in the system registry auto-run key:
HKCUSoftwareMicrosoftWindowsCurrentVersionRun macrosoft = README.EXE
To send infected messages, the worm uses MS Outlook and sends messages to all addresses found in the Outlook address book.
The worm also copies itself to the root directory of all local fixed and remote (network) drives with the same README.EXE name.
Check other viruses! Be aware! Use Antiviral Software
MF family
Description MF family
These are dangerous memory resident polymorphic and stealth parasitic viruses. They hooks INT 8, 16h, 21h, 2Fh and write themselves to the end of COM and EXE files that are executed or closed. On opening an infected file the viruses temporary disinfect it.
Depending on their internal counters the viruses change several extended ASCII (cyrillic) letters on the screen. The virus also changes letters that are typed by keyboard.
In 14 minutes after installing memory resident "MF.3564" displays the text "Merlin from AMBER: FUCK YOU MAN!", in 40 minutes the viruses corrupt the CMOS memory. Depending on a random counter the viruses disable accessing to remote disks and files.
When the text "Tell me your ver, mf!" is entered as a DOS command, the viruses display:
"MF.3490": My ver is MF v10.1
"MF.3564": My ver is MF v10.0
When the text "Do your job, mf!" is entered, they display:
Yes, I got it, man.
and then corrupt the CMOS memory.
Mface.1441
Description Mface.1441
It is not a dangerous memory resident parasitic virus. It hooks INT 8, 13h, 21h and writes itself to the end of .COM files that are executed. Sometimes it launches several faces (01h ASCII) that are running on the screen.
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
|