Virus Database

I-Worm.Newpic.a

Description I-Worm.Newpic.a

This is a virus-worm that spreads via the Internet using MSN Messenger (instant messaging program). The worm itself is a Windows EXE file about 50Kb in length written in Visual Basic.
When an infected file is run, the worm dislays the following fake message:
Error
Cannot open file. May be corupted. Replace the file with a new
one and try again.
Then it registers itself in the auto-run registry key:
HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun MSN Messenger = %filename%
where %filename% is the worm's full file name.
The worm then waits for incoming messages and replies with the following text:
hey, want me to send my new pic?
i took it yesterday
The the worm waits for an answer. If a user answers with one of following words:
sure
yes
yea
guess
ok
send
maybe
go
the worm sends its EXE file to a victim and then sends one of the following randomly selected texts:
alright, here ya go
i hope you like it
there
pweese? :)
ok cool
The worm also creates the "C:Messenger1324Brain1Read Me.txt" file and writes a text there:
I come in piece. My name is Jerry.
The purpose of me is to spread. I'm not annoying, nor dangerous.
How to remove me:
1) Click Start, select Run. The Run dialog box pops up.
2) Type: msconfig The System Configuration Utility pops up.
3) Click the Startup tab at the top. In the list, find MsgSprd, Messenger, or pic1324, uncheck, press Apply, then press Ok.
4) Restart your computer Or press Ctrl - Alt - Del, select MsgSprd from the list, then press End Task.
You may freely delete the files or the 'C:Messenger1324' directory.

Check other viruses! Be aware! Use Antiviral Software

Booty

Description Booty

It is not a dangerous memory resident boot virus. It hooks INT 13h and writes itself to the MBR sector of the hard drive and boot sectors of floppy disks that are accessed. The TSR copy of virus is stored in the Interrupt Vectors Table. The virus doesn't save original boot sector of floppy disks while infecting them.
The virus contains the text string:
BOOTY

Border.781

Description Border.781

This is a memory resident not dangerous virus which hooks INT 8, 21h and by standard way hits .COM-files that are started. It contains the text "BORDERLINE 1990" and writes something into the video ports.

Home