I-Worm.Icecubes.a
Description I-Worm.Icecubes.a
This is an Internet worm that spreads as an attachment via e-mail. The worm itself is a Windows executable file about 18Kb in length. Upon being executed from an e-mail attachment, the worm installs itself to the system and hides its activity utilizing a humerous dialogue box that "configures" Windows icecubes.
While installing, the worm copies itself to the Windows system directory with WSOCK2.DLL name (note: not WSOCK32.DLL, not WSOCK2.VXD), and infects the original WSOCK32.DLL Windows library by writing its code to the end of the file. This library is usually locked by Windows for writing, and the worm uses a standard stick: it copies that file with a WSOCK32.INF name, infects this copy, and writes a "rename" command to the WININIT.INI file, which in turn will replace the original WSOCK32.DLL with an infected one upon the next Windows restart.
The worm code in the infected WSOCK32.DLL hooks the "send" function, and monitors all data that are sent. When a message is outgoing, the worm duplicates it with a second message with an attached ICECUBES.EXE file and:
Subject: Windows Icecubes !
Text:
I almost forgot. Look at what I found on the web. This tool scans your system for hidden Windows settings, better known as -Windows Icecubes-. These secret settings were built in by the Windows programmers. I think you might want to change them a little, just take a look ! :)
The worm also logs Internet login names and passwords to a ICECUBE.TXT file in the Windows directory.
On July 1st, the worm displays the following message:
W9x.Icecubes / f0re [lz0]
Windows detected icecubes on your harddrive.
This may cause the system to stop responding.
Do you want Windows to remove all icecubes ?
Check other viruses! Be aware! Use Antiviral Software
Sylvia Family
Description Sylvia Family
These are harmless nonmemory resident parasitic viruses. They search for .COM files (except COMMAND.COM, IBMIO.COM, IBMDOS.COM) in the current directory of the current and C:drives, then infect not more than 5 files. They write themselves to the beginning of the file.
If one corrects the text in the virus (see bellow), they halt the system, then decrypt and display the message:
FUCK YOU LAMER !! system haltedall
There is the following text at the virus beginning:
This program is infected by a HARMLESS Text-Virus V2.1
Send a FUNNY postcard to : Sylvia Verkade,
Duinzoom 36b,
3235 CD Rockanje
The Netherlands.
You might get an ANTIVIRUS program.....
Sylwia.734
Description Sylwia.734
It is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of .COM files that are executed. It contains the text string:
SYLWIA
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Detox Products
Dedikerad Server
Usb Med Tryck
Gigabyte Motherboards
Edelstahlschmuck
|