Virus Database

IRC-Worm.ElSpy.2278

Description IRC-Worm.ElSpy.2278

This is an IRC worm that spreads through IRC channels using the mIRC client for spreading. The worm appears on a computer as the EL15_BMP.EXE DOS program. When this file is executed by a user, the worm installs itself into the system, and creates a temporary DOS batch helper that copies the worm file to the C:WindowsSystem directory and overwrites the mIRC SYSTEM.INI script file with new instructions.
The commands that are written to SYSTEM.INI mIRC script intercept several events:
when a new user enters the infected channel, (s)he is sent by the worm copy (the C:WINDOWSSYSTEMEL15_BMP.EXE file).
on connection to a channel, the worm informs a user with a "EL15_SPY" nick about an infected client sends the IP address of an infected user the name of the IRC server the user is logged on to, and the port address.
if the word "EL15" appears on the channel, the worm opens the C: drive on an infected computer as a file server (shares C: drive).
on text "are_u" the worm sends the message: "EL15_send_kisses_to_U_:)__come_on!" followed with an IP address of an infected user.
The worm contains the following text strings:
Designed by Del_Armg0____26 Juin 1999____Keep It Load!
MagicÇ%Software (c) 1999

Check other viruses! Be aware! Use Antiviral Software

Burger Family

Description Burger Family

These are dangerous, non-memory resident parasitic or overwriting viruses. They write themselves to the beginning of .COM files of the current drive.
"Burger.1336.a" erases and doesn't restore the file attributes and displays the following strings:
Virdem Ver.: 1.06 (Generation 1) aktive.
Copyright by R.Burger 1986,1987
Phone.: D - 05932/5451
This is a demoprogram for
computerviruses. Please put in a
number now.
If you're right, you'll be
able to continue.
The number is between 0 and
Sorry, you're wrong
More luck at next try all.
Famous. You're right.
You'll be able to continue.
All your programs are
struck by VIRDEM.COM now.

"Burger.1336.b" types:
Virdem Ver.: 1.06 (Generation 5) aktiv.
Copyright by R.Burger 1986,1987
Tel.: 05932/5451
Dies ist ein Demoprogramm fuer
Computerviren. Geben Sie nun
bitte eine Zahl ein.
Wenn Sie richtig raten,duerfen
Sie weiterarbeiten.
Die Zahl liegt zwischen
0 und
Bedauerlicherweise war Ihre
Antwort nicht richtig.
Mehr Glueck beim naechsten Mal ....
Bravo. Richtige Antwort.
Sie duerfen weiterarbeiten.
Alle Ihre Programme sind nun infiziert.

"Burger.1336.c" contains the text:
*.com *
Virus Infestation ACTIVE
KILLER
SOMETHING WONDERFUL HAS HAPPENED !!!

In September, "Burger.301" formats the floppy disk sectors and types:
Sad virus - 24/8/91

"Burger.560" can erase the sectors of disks with random numbers. Some of "Burger.560" contains the string: "Function not supported by network'Required system component n". "Burger.560.b" displays the following messages:
MADE OUT!..
[GARDEL] VIRUS.
Cada dia infecta mejor.
By:STONE FIST & CYBER ELF
MADE OUT!..STONE FIST &CYBER ELF.[TANGO] VIRUS.Ind. Arg

and erases disk sectors. "Burger.560.h" contains the internal text "RB2 - LiquidCode ". "Burger.601" decrypts and types "Kewl Dewdz!", it also contains the encrypted string "Made in STL (c) '91". "Burger.824" types the text:
Datum falsch
Bitte DATE aufrufen

"Burger.1310" types "Welcome to Twin Peaks..Your PC now has the Twin Peaks virus."
"Burger.1542" erases the screen by moving the color picture.
"Burger.Pirates.609" erases the disk sectors and formats the disks. It contains the internal text string:
1989 / 1990 Software Pirates - Fast Serial - Portugal *.com *

Burger.1310

Description Burger.1310

This is a dangerous, non-memory resident parasitic overwriting virus. It writes itself to the beginning of COM files of the current drive.
The virus types:
Welcome to Twin Peaks..Your PC now has the Twin Peaks virus.

Home