Virus Database

AntiPascal Family

Description AntiPascal Family

These are dangerous not memory resident parasitic viruses that contaminate or corrupt not more than two files in all directories on the current disk and C: disk. Searching for noninfected files, the viruses use recursive traversal of the directory tree. They contaminate .COM-, .BAK- and .PAS-files. In case of .COM-file, the viruses write themselves at the end of a file (versions of the viruses with lengths 400, 407, 440 and 480) or at the beginning (all other versions of the viruses). When infecting .BAK and .PAS-files the viruses write themselves at the beginning of a file, not saving the old beginning, i.e. the file is damaged irreversibly. Some of the virus versions rename .BAK- and .PAS-files to .EXE.
"AntiPascal.407" deletes *.?A? and *.SYS files, it contains the internal string: "COSMIC-1".

Check other viruses! Be aware! Use Antiviral Software

I-Worm.Logic

Description I-Worm.Logic

This is the first known Internet-worm in the Logo language that is widely used by schools worldwide. The worm itself is a LGP file, that is, a Logo Project File. It can be executed with special interpreter software like SuperLogo for Windows.
The worm doesn't spread by itself; rather it drops two different components:
a VBS file to spread through e-mail a la LoveLetter
an INI file to spread through IRC channels
It also drops a BAT file that writes a message on the screen during Windows startup. The message is:
You think Logo worms don't exist? Think again!
The worm creates a VBS file in a Windows startup folder, thus, it will be executed automatically upon the next Windows startup. The scripts in the VBS file create and send a message via Outlook to every entry in the address book. These messages have:
Subject: Hey friends!
Body: Hello! Look at my new SuperLogo program! Isn't it cool?
Attached file name: logic.lgp
An MIRC script in the worm's INI file is very short, and just sends the worm's LGP file to all users joining an infected channel.

I-Worm.Lohack.a

Description I-Worm.Lohack.a

This is a virus-worm that spreads via the Internet attached to infected e-mail. The worm itself is a Windows PE EXE file about 15Kb in length (compressed by UPX, decompressed size is about 41K), and it is written in Microsoft Visual C++.
Infected messages consist of the following:
Subject: Hacking courseall
Body: Look the hacking course - version 1.0 !
By Senna Spy - Made In Brazil
http://www.avpavp.hpq.com.br
Attachment: hacking.exe

The worm is activated from infected e-mail only when a user clicks on the attached file.
The worm does not install itself to the system and is not activated anymore (except in cases when a user clicks on the attached e-mail again).
To send infected messages, the worm scans the Windows directory and all subdirectories, and looks for files with the following extensions:
.IDX .NCH .MDX .DBX .MSG .EML .TXT .HTM
Then it looks for e-mail addresses in these files (text strings that are e-mail addresses), then sends infected messages to these addresses. To send infected messages, the worm uses Windows MAPI functions.

Home