Innox.1333
Description Innox.1333
It is not a dangerous memory resident parasitic virus. It writes itself to the end of COM and EXE files. When an infected file is executed, the virus searches for files in the current directory and directories marked in the PATH. The virus then hooks INT 21h, stays memory resident and infects executable files that are executed. The virus displays the message:
Innoxious Bug 2.03 'The Sad Flasher' (c) 1994-96 Bugsoft-MSTU, Moscow.
Dedicated to all the rock'n'roll people.
Check other viruses! Be aware! Use Antiviral Software
Macro.PPoint.Attach
Description Macro.PPoint.Attach
This is the first known macro virus infecting MS PowerPoint presentation files. As well as other viruses infecting MS Office applications this is written in Visual Basic for Applications (VBA) language, and for spreading it uses Basic instructions and MS PowerPoint features.
The virus contains one macro that has event-function "UserForm_Terminate", this function is activated each time when UserForm is closed. This is the main virus function and it contains the virus infection routine.
When activated the virus infection routine searches for *.PPT files in the "C:My Documents" directory and subdirectory tree, opens files and copies its macro code to there.
Because of PowerPoint internal structure the virus is able to get control only in case any UserForm exists in target file. The virus checks files for UserForm presence and infects only such presentation. Otherwise the virus skips files and leaves them not infected.
The virus does not manifest itself in any way. It contains the comments, the first line is also used by the virus as the identification text to prevent duplicate infection:
<!--1nternal-->
PPT.Attach v0.1 /1nternal
Macro.PPoint.Kelly
Description Macro.PPoint.Kelly
This macro virus infects the MS PowerPoint presentations. The virus contains one macro "Jd" in the "Kelly" module. The virus code is activated on the MouseOver events on the infected form, it then runs its main routine and infects all form in opened presentations. While infecting the virus copies its code to the victim form and sets handler for MouseOver event to its own procedure. As a result the virus code runs automatically when mouse moves over infected form.
This virus does not have payload procedure. The code of virus contains the comment:
Copyright (C) 1998 by FlyShadow ~^^~ - Kelly
|