Virus Database


I-Worm.Trood

Description I-Worm.Trood

This is an Internet worm that spreads as an e-mail attachment. The worm itself is a Windows application (EXE file) about 10K in length. It is able to infect Win9x/ME systems only.
When the worm is activated (executed by a user from an attached file), it installs itself to the system and displays a fake message:

Spreading
The worm stays in Windows memory, registers itself as a hidden application (service), then copies a block of its code to the Win9x system area (as a VxD driver) and hooks the TDI (Transport Driver Interface) functions that are responsible for connections and data sending. As a result, the worm's spreading routine does not depend on the e-mailer and is able to infect e-mailers of any type. In this respect the worm hooks the transport protocols in a way similar to firewall utilities.
The worm then monitors all messages that are sent via the SMTP protocol. If a message has no attached file(s), the worm appends its own file as an attachment named TCPIPUPD.EXE.
Run Each Time Windows Starts
To force Windows to run it upon the next reboot, the worm copies itself to the Windows system directory under the name SYSTRAY.EXE. As that file is usually registered in the system registry auto-run key, the worm code is activated upon each Windows restart instead of the original SYSTRAY.
SYSTRAY.EXE is usually running and is therefore locked for writing by Windows. To get around this, the worm uses the standard trick of replacing the file by means of a WININIT.INI file.
To pass control to the original SYSTRAY file, the worm renames it to SYSTRAY.SYS during installation. When the worm's installation routine is complete, it runs this SYSTRAY.SYS file, and the original SYSTRAY program starts.
Payload
On Saturdays, the worm activates its payload routines, which slowly move the active application window in a random direction (outside the desktop) and, after five minutes, restart Windows.
The worm code also contains the text strings:
I-Worm.Win9X.Troodon v1.0 Project
Developed by Clau.

BloodyWarrior

Description BloodyWarrior

It's a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of .COM and .EXE files that are accessed or opened. On July 4th it erases the FAT of the current drive and overwrites the boot sector with the message:
Hello, world ! I am the Bloody Warrior. Nice to meet you. What about this
virus ? Funny ? There is no hope for you. This virus was released in Milan
1993. Bloody Warrior

This virus contains the internal string "SCANSTOPSHIELDCLEANCVDEBUGTD" and does not infect the files with names from this string. It also contains the strings "FUCK YOU", "EXECOM".

BlueNine.925.a

Description BlueNine.925.a

BlueNine.925
This is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed or accessed with FindFirst/Next functions.
It contains the following text string:
00- Blue Nine Virus by Conzouler 1994 -00
The virus doesn't indicate its presence in the system.
BlueNine.1725
This is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed or accessed with FindFirst/Next functions.
It contains the following text string:
>-/-> The_Cranberries virus <-/-(
The virus displays the following message according to the system timer:
Lying in my bed again
And cry cos you're not here
Crying in my head again
And I know that it's not clear
Put your hands, put your hands
Inside my face and see that it's just you
But it's bad and it's mad and it's making me sad
Because I can't be with you
Be with you, be with you, be with you
Baby I can't be with you
Thinking back on how things were
And how we loved so well
I wanted to be the mother of your child
And now it's just farewell
Put your hands in my hand
And come with me, and find another hand
And my hand my hand
On anyone's sholder
Cause I can't be with you
Be with you, be with you, be with you
Baby, I can't be with you
Cause you're not here, you're not here
Baby I can't be with you

    Copyright © 2005 Virus-Database.com