Virus Database

I-Worm.Kadra

Description I-Worm.Kadra

This is a Win32 PE EXE worm that spreads in e-mail messages using a system's default MAPI client. When started, it copies itself to %WINDOWS%Win32Dlw.EXE and %SYSTEM%Win32Exp.EXE, then writes the following key to the registry to start automaically with Windows: HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrent VersionRun RunExplorer=%SYSTEM%Win32Exp.EXE
If the current month is Semptember, the worm draws the following message on the screen:
Kad sve izgleda da umire,allono se ustvari radja!
Then, the worm shows a message box with a '...' title and the following text:
Moja jutra su sve jasnija,
Moja snaga je prodornija,
Moje rijeci silno odjekuj
Moj mac je ostriji,
Moje noci su sve hladnije.
...ali dan je blizi kad ce
ljudi shvatiti da su samo,
i nista drugo nego ono sto
sam i JA!

After displaying a message, the worm does nothing for 2 minutes, and then sends itself to all senders of e-mail messages stored in the default MAPI client inbox.
All messages sent by the worm have the following properties:

Message subject is: Bin Ladenov zivot.
File attached: Bin Ladenov Zivot.exe
Message body: Ako jos do sada niste znali ko je Bin Laden onda vjerovatno cete naci ovaj dokument interesantnim u kojem je prikazano nekoliko vaznih momenata u, u njegovom zivotu, cak dok je jos radio pri CIA!

Check other viruses! Be aware! Use Antiviral Software

Rasek.1489

Description Rasek.1489

This is a dangerous memory resident multipartite encrypted virus. While executing an infected file it writes itself to the MBR of the hard drive and hooks INT 13h, 12h. By hooking INT 13h this virus releases the stealth mechanism on reading the infected MBR. It also writes a trojan program to the floppy disk boot sectors. That program erases the hard drive FAT while loading from that floppy. Sometimes the virus also erases the FAT on loading from infected MBR.
By hooking INT 21h the virus infects COM and EXE files that are executed, it writes itself to the end of the files. The virus contains the text string "AND.COM" and does not infect the files that contains that string in their names (COMMAND.COM). The virus also contains the text strings:
RaseK v2.1,from LA CORUÑA(SPAIN).Mar93

Rasek.1489.b

Description Rasek.1489.b

This is a dangerous memory resident multipartite encrypted virus. While executing an infected file it writes itself to the MBR of the hard drive and hooks INT 13h, 12h. By hooking INT 13h this virus releases the stealth mechanism on reading the infected MBR. It also writes a trojan program to the floppy disk boot sectors. That program erases the hard drive FAT while loading from that floppy. Sometimes the virus also erases the FAT on loading from infected MBR.
By hooking INT 21h the virus infects COM and EXE files that are executed, it writes itself to the end of the files. The virus contains the text string "AND.COM" and does not infect the files that contains that string in their names (COMMAND.COM). The virus also contains the text strings:
"RASEK" v3.0,from La Coruña(SPAIN).Ap93

Home