Virus Database

I-Worm.Hallad

Description I-Worm.Hallad

This is a virus-worm that spreads via the Internet attached to infected e-mails. It sends itself through IRC channels. It also causes payload actions.
The worm itself is a Windows PE EXE file about 80 Kb in length, and is written in Visual Basic 6.
The infected messages appear as follows:
Subject: %Name of the sender% + " is a millionaire"
Attachment: LucKey.exe
Body: " Hi" + %Name of the grantee% + "Your Friend " + %Name of the sender%
+ " invites you to be a millionaire" + %Name of the grantee% + "and says : "
+ %Name of the grantee% + "Wow..its really cool Test your lock ;)"
+ %Name of the grantee%
+ " just keep this advertisements pro run and you will get 0.25 $ every 30 minutes"
+ %Name of the grantee% + " + " Wo-finance Team"

The worm is activates from an infected e-mail only when a user clicks on the attached file.
Installing
While installing, the worm copies itself to the Windows system directory with the name LUCKEY.EXE and to the Windows System directory with the name DALLAH.EXE. Than it displays a dialogue window Project1 with the following text:
Run time error '71'
Object required
[ OK ]

Spreading via E-mail
To send infected messages, the worm uses MS Outlook, and sends messages to all addresses found in Outlook address book.
Spreading via IRC channels
The worm searches in subdirectories of the current disk for the file MIRC.INI, and overwrites it with new script that sends this EXE file to each user, who joins the infected channel.
Payload actions
The worm creates many files with the following names in the current directory:
Sharoon ****.exe
Bush ****.exe
ZA-Union ****.exe
BinLadin ****.exe

Where ***** is a number from 1 to 9999.
The worm also tries to remove the following folders on the disk with Windows.
Program FilesAntiViral Toolkit Pro
Program FilesCommand SoftwareF-PROT95
eSafeProtect
PC-Cillin 95
PC-Cillin 97
Program FilesQuick Heal
Program FilesFWIN32
Program FilesFindVirus
ToolkitFindVirus
f-macro
Program FilesMcAfeeVirusScan95
Program FilesNorton AntiVirus
TBAVW95
VS95
escue
Program Filesone Labs

The worm creates and runs the script file: FLOPY.VBS. This scrip copies a worm dropper to the diskette with the name: MALAL.EXE. Also, it creates companions to all files on a floppy drive with double extensions. It adds the extension ".EXE" to the original filenames.

Check other viruses! Be aware! Use Antiviral Software

Glitter.1462

Description Glitter.1462

This is a not dangerous nonmemory resident encrypted parasitic virus. It searches for COM and SYS files, then writes itself to the end of the file.
On May 8, July 4, September 3, November 5 the virus displays the message:
Wish you a Happy Birthday Love Guess Who ?
The virus also contains the texts:
Glitter ver 1.03 , Coded by DDISARTHH, Hi Avi Guess Who?
Greetings From Siddharth, Mumbai 400 092

Gluck.761

Description Gluck.761

It is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of .COM-files that are executed. The virus deletes the CHKLIST.MS file. If the name of the executed program is *WEB.*, the virus terminates execution, and displays the message:
Error reading fat!

At midnight the virus "shakes" the screen and displays the message:
You iave a ¨GLUCK¨ !!!

Home