I-Worm.Melare
Description I-Worm.Melare
Melare is a worm virus spreading via the Internet as an e-mail attachment. The worm itself is a Windows PE EXE file about 6KB in length when compressed by UPX, the decompressed size is about 15KB. It is written in Visual Basic.
The worm activates from infected email only if a user clicks on the attached file. Note that the real attached .EXE file name is hidden by a false .JPG name. As a result the infected .EXE file is displayed as a .JPG image file (picture), though upon opening this attachment it is executed as true EXE file. When launched from MS Outlook 97 SP2 such attached files are blocked (in the default mode).
The worm then installs itself into the system, runs its spreading routine and payload.
Installation
While installing the worm copies itself to the Windows directory under the name csrss.EXE and registers this file in the system registry auto-run key:
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
SystemSARS32 = %WindowsDir%csrss.EXE
Spreading
To send infected messages the worm uses MS Outlook and sends messages to all the addresses found in the Outlook address book.
Infected messages have the following attributes:
The beginning of the message body text may be covered by a "JPG attach" icon.
Payload
On the 1st, 4th, 8th, 12th, 16th, 20th, 24th and 28th of each month the worm deletes all *.DLL, *.NLS, *.OCX files in the current directory (in most cases this would be the Windows directory).
Check other viruses! Be aware! Use Antiviral Software
Arale.1526
Description Arale.1526
It's a not dangerous memory resident parasitic virus. It is related to the "Jerusalem"-viruses. It hooks INT 21h and writes itself at the end of COM- and EXE-files (except COMMAND.COM) which are executed. Depending of system time it displays the message:
FELICIDADES: xxxx
(P) 1993 by Arale & Goku Corp.
where "xxxx" is one of the strings:
Maite C. P.
Roberto R. I.
Elsa B. E.
Esther F. P.
Carol C. B.
David M. E.
Anselmo B. V.
It also contains the internal text strings:
COMMAND.COM
MCP
Arara Family
Description Arara Family
These are harmless nonmemory resident parasitic polymorphic viruses. They searches for COM files and writes themselves to the end of the file. They contain the texts:
ILASA MICALAZODA OLAPIRETA IALPEREJI BELIORE: DAS ODO BUSADIRE OIAD OUOARESA
CAOSAGO: CASAREMEJI LAIADA ERANU BERINUTASA CAFAFAME DAS IVEMEDA AQOSO ADOHO
MOZ, OD MAOFASA. BOLAPE COMO BELIORETA PAMEBETA. ZODACARE OD ZODAMERANU! ODO
CICALE QAA. ZODOREJE, LAPE ZODIREDO NOCO MADA, HOATHAHE SAITAN!
and
"Arara.1038": [ARARA]
"Arara.1375,1391": [ARARA2]
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Holiday Villas In Dubai
Hoodia Extract
Ausmusterung
Images To Pdf
Cheap Cars For Sale
|