Virus Database

I-Worm.Thonic.b

Description I-Worm.Thonic.b

This worm spreads via the Internet as an attachment to infected files. The worm itself is a Windows PE EXE file. The body of the worm is encrypted and 7502 bytes in size.
The worm searches for PE files with the extensions .exe, .cpl, and .scr.
When infecting these files it writes itself to the end of the files in a section named .DCUbLmd
It does not infect already infected files.
The worm's code contains errors. It is unable to propagate independently.
A VBS script controls propagation via email. The script is 875 bytes in size, and saved as C:\cthonic.vbs
The executable file infects notepad.exe, and copies itself to the C: root directory as C:snowboard_accident.avi.[75 spaces]exe
It then executes the script to mail the file snowboard_accident.avi.[75 spaces]exe.
The worm contains the following text:
-=[YoG-SoTHoTH]=-
The Ancient Ones are near !!! Fear not these latter days of humanityall
Created by -=[YoG-SoTHoTH]=- on Sept2003
HEX EDITING BIATCHs.......FUCK OFF !!!
Win32.CthonicWorm.1a by -=[Azag-TH0TH]=-
It changes the system registry
[SOFTWAREMicrosoftWindowsCurrentVersionRun]
to ensure that the body of the worm is launched every time the system is started.
Infected messages:
Subject:
Hey check out this funny video my friend sent me !
Message body:
Mail Body
Attachment name:
C:snowboard_accident.avi.[75 spaces]exe
The worm is activated when the user launches the infected file by clicking twice on the attachment. Once this is done, the executable system files will be infected.
The worm uses Windows MAPI function to send messages.
Mass mailing
When sending infected messages, the worm accesses MS Outlook and sends itself to all addresses harvested from the address book.
It also propagates via mIRC.

Check other viruses! Be aware! Use Antiviral Software

SkyNet.1448

Description SkyNet.1448

It is not a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of EXE files that are accessed. Depending on its internal counters it slows down the computer (dummy loop on any INT 21h call) and displays the messages:
*** Terminator I *** Created by Sky Net in Chung-Li.
Terminator Message:
Don't be afraid.
I am a very kind virus.
You have do many works today.
So,
I will let your computer slow down.
Have a nice day,
Goodbye.
Press a key to continue. . .

Slam.565

Description Slam.565

Slam.565
It is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed or opened. The virus does not manifest itself in any way, it contains the text:
SKANK (C) Dark Chakal [SLAM]

Slam.Damned
It is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. The virus deletes the anti-virus files: ANTI-VIR.DAT, CHKLIST.CPS, CHKLIST.MS, AVP.SET, FINDVIRU.DRV, AVP.OVL, SCAN.DAT, SIGN.DEF.
The virus also contains the text:
DaMNeD Virus (c) 1997, Dark Chakal [SLAM]

Home