I-Worm.Choke
Description I-Worm.Choke
This is the worm virus spreading via the Internet by using MSN Messenger (instant messaging program). The worm itself is Windows EXE file about 40Kb of length written in VisualBasic.
When infected file is run, the worm copies itself to C:CHOKE.EXE, then registers this file in registry auto-run key:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun Choke = C:choke.exe -blahhh
then dislays two fake messages:
Choke
This program needs Flash 6.5 to run!
Run time error
Cannot run program!, Quiting
The worm also creates the C:ABOUT.TXT file and writes following text to there:
Choke , Copyright î 1886 all A MAD CHRISTIAN
---------------------------------------
Go talk swearwords about God
You all will die, stupid humans.
You fools didn't see what you have done
Bye slut, go talk shit about me.
(Call me a 'psychophatt', but I respect the Creator of life...)
' Consider your earth '
The worm then gets to spreading routine. That routine waits for incoming message and replies with the text:
"President bush shooter is game that allows you to shoot Bush balzz" hahaha
and send to victim a request to receive the worm EXE file. The EXE file name is randomly selected from three variants:
choke.exe
ShootPresidentBUSH.exe
%username%.exe
where %username% is the name of victim visible in MSN network.
In case the incoming message starts with "hey!" the worm reports with information of victims that were sent by infected messages:
PPL: %n
I got %n son of a bitches.
%username%, status = %n
Send to %n ppl
%username% (request sent)
%username% (accepted)
where %username% is the name of victim visible in MSN network, and %n are different numbers.
The worm also creates the "dalist.txt" file and writes to there the list of already infected users (addresses to where the worm was sent already). The worm checks that list and does not send its copies twice to the same address.
The worm also seems to send messages to %random%@pager.icq.com addresses with the text:
From: George.W.Bush@whitehouse.gov
Text: Micro$oft invites you to use MSN Messenger!
Check other viruses! Be aware! Use Antiviral Software
Sailor.Boot
Description Sailor.Boot
It is a harmless memory resident stealth boot virus. It hooks INT 13h and writes itself to the MBR of the hard drive and boot sector of floppy disks. The virus contains the text strings:
Sailor.Jupiter b0z0/iKx
Sair.1150
Description Sair.1150
It is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. It encrypts the disk sectors, and then displays:
Ben bir garip virusum
Disket disket gezerim
Bugun kismet sendeymis
Yarin belki kimdeyim
Sair virus
It also contains the text:
Fuck Serb Virus (C) 1993 by Turkey Boys!
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
|