Virus Database

I-Worm.Petik.b

Description I-Worm.Petik.b

This is an Internet worm that spreads as a 6.5Kb NETFRIENDS.EXE file attached to e-mail messages. To send infected messages, the worm uses MS Outlook. The worm also is able to send its copies to IRC channels by infecting the mIRC client.
When the worm starts (if a user clicks on the EXE attached to the message, or accepts an IRC download), the worm copies itself to the Windows system directory with Iesetup.exe and NetFriends.exe names.
The Iesetup.exe file is then registered in the auto-run section:
in the WIN.INI file, [windows] section, "run=" key - under Win9x
in the system registry in "Run=" key - under WinNT
The worm then creates the C:Friends directory, creates the MAYA.VBS script file there and spawns it. This script file then spreads the worm with e-mail messages.
While spreading, the script connects to MS Outlook and sends infected e-mail messages to all addresses in MS Outlook Address Book. The messages contain:
Subject: Would you like a Net Friend ?
Body: Look at this zip file to find a Net Friend
Attachments: NetFriends.exe
The worm then affects the mIRC client in the following directories:
C:MIRC
C:MIRC32
The infected mIRC client sends a worm copy (Iesetup.exe file) to all users that join the infected channel.
The worm then displays the following fake error message:
WinZip Self-Extractor WinZip Self-Extractor header corrupt. Possible cause: bad disk or file transfer error
The worm also modifies the following registry keys:
HKLMSoftwareMicrosoftWindowsCurrentVersion
RegisteredOwner = Maya, Laurent, Etienne
RegisteredOrganization = PetiK Corporation
On the 5th of each month, the worm displays the following message:
I-Worm.Friends
Coded by PetiK (c)2001
To my friends Maya and Laurent

Check other viruses! Be aware! Use Antiviral Software

Satanic.1345

Description Satanic.1345

This is a very dangerous memory resident parasitic virus. It hooks INT 21h, and writes itself to the beginning of COM files that are executed or opened. On Fridays, it erases the disk sectors with the text:
Satanic Warrior

It also displays this text.

Saturday14

Description Saturday14

This is a very dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. The virus writes the 17 bytes of size Jmp-Virus routine to the beginning of COM files. On Saturday, 14th of any month the virus erases some sectors of the C: drive.

Home