I-Worm.Bagle.j
Description I-Worm.Bagle.j
This worm spreads via the Internet as an attachment to infected messages, and also via file sharing networks. It is packed using UPX; the size of the compressed file is 12843 bytes, and the size of the uncompressed file is 49707 bytes. The worm may write nonsense to the end of the file, in which case the size of the file will differ from the size shown above.
This current version is almost identical to I-Worm.Bagle.i, and differs only in the following insignificant ways:
The text of the message sent to the author of NetSky has been changed:
"Hey, NetSky, fuck off you bitch!"
The name of the file which the worm writes itself has been changed, and correspondingly, so has the value of the system registry key:
File name:
winsys.exe
Registry key:
[HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run]
"ssate.exe" = "%system%winsys.exe"
Check other viruses! Be aware! Use Antiviral Software
Fruit.1623
Description Fruit.1623
It is a not a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of .COM and EXE files that are executed or renamed. While infecting a file the virus scans the system memory for the "@AST94" string, and patches that data in some way. While opening CHKLIST.* files the virus terminates that call and returns the error flag. The virus contains the text strings:
@AST94
.COM.EXE
CHKLIST
FRUIT
Frz.1567
Description Frz.1567
It's a dangerous memory resident parasitic encrypted virus. It hooks int 21h and writes itself to the end of .COM- and .EXE-files that are executed. On 666th infection it erases the CMOS of the computer. On debugging it erases the interrupt table and hangs up the computer. It contains the internal text string: "Frz".
|