I-Worm.Hunch.a
Description I-Worm.Hunch.a
This is a virus-worm that spreads via the Internet as an attachment to infected e-mail messages. The worm itself is a Windows PE EXE file about 151 Kb in length, written in Visual Basic. Infected messages appear as follows:

Subject: COSTO
Body: Mensaje importante para %Recipient% en el archivo adjuntoall (%Recipient% is the full name of the recipient.)
Attachment: PE EXE file with a random name.

Installing
When the worm is launched, it creates a window containing a picture and installs itself into the system. During installation, the worm copies itself to three files in the Windows system directory: one with the original name of the file from which the worm was launched, and two with the following names:

%SYSTEM%\THWIN.EXE
%SYSTEM%\MSWORD.EXE

Then the worm writes the following registry keys so that it starts automatically with Windows:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices THWIN=%SYSTEM%\THWIN.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run THWIN=%SYSTEM%\THWIN.EXE

The worm also tries to copy itself to the A: drive under the name "UNSCH.JPG.EXE".

Replication: e-mail
The worm uses Microsoft Outlook to send infected messages. It extracts e-mail addresses from the MS Outlook Address Book and sends itself to these addresses.

Payload
Depending on its internal counters, the worm writes a command that formats drive C: to the C:\Autoexec.bat file.
Dot.944
Description Dot.944
This is a dangerous non-memory-resident virus. It analyses the environment block, looks there for the string "COMSPEC=", and uses that string to locate and infect COMMAND.COM (or its replacement). After that the virus writes itself into the .COM files of the current directory in the standard way. The virus intercepts INT 16h (keyboard) and, depending on the symbols entered from the keyboard, moves a funny-face symbol (ASCII 1) along the 25th screen line, from right to left and back. The movement of the "face" is accompanied by a buzzing sound. The virus handles INT 16h rather crudely and may hang the system. It also removes the "read-only" attribute and sets the file time to 62 sec.
Dotter.3961
Description Dotter.3961
This is a non-dangerous, memory-resident, encrypted parasitic virus. It hooks INT 21h and writes itself to the end of EXE files that are executed. While infecting a file, the virus creates the temporary file NCTEMP.TMP. Depending on the system date, the virus displays one of several messages in Russian (about 3K of messages in total).