IRC-Worm.Radex
Description IRC-Worm.Radex
This is a virus-worm that spreads via IRC channels. The worm itself is a batch-script file about 3 Kb in length.
The worm copies itself to the following batch files:
C:Windowswinstart.bat
C:WindowsLINUX_SH_DOS_BAT_WIN_JS.bat
C:Win95LINUX_SH_DOS_BAT_WIN_JS.bat
C:Win98LINUX_SH_DOS_BAT_WIN_JS.bat
C:WinMELINUX_SH_DOS_BAT_WIN_JS.bat
The batch file drops and executes the JS file LINUX_SH_DOS_BAT_WIN_JS.JS. This JS file displays a dialogue window with the following Title/Subject:
Radix16/SMF
SH-BAT-JS
After this, the worm creates and sends the new e-mail message to the following address:
Radix16@atlas.cz
The infected messages contain the following:
Subject: SHBATJS
Body: crazzy bat :) testing MS OTLOOK in the (WORLD)
Attach: LINUX_SH_DOS_BAT_WIN_JS.bat
The virus-worm also creates the file C:MIRCSCRIPT.INI. This INI file sends the batch file to the IRC channels.
Installing
While installing, the worm copies its JS component to the Windows directory with the name C:WINDOWSLINUX_SH_DOS_BAT_WIN_JS.JS, and registers this file in the WIN.INI run section.
The worm also contains the following text strings:
# /bin/sh
-=LINUX START=-
-=DOS/WIN START=-
ONLY SAMPLE (TEST) LINUX SH DOS BAT WIN JS all........
WoRlD iS mY
Check other viruses! Be aware! Use Antiviral Software
Constructor.VCL
Description Constructor.VCL
The virus constructor utility VCL.EXE (Virus Creation Laboratory) seems to be the most well-known virus creation tool. This constructor can generate source assembler files of the viruses, OBJ modules and infected master files. VCL contains the standard pop-up menu interface. By using VCL menus, it is possible to choose the virus type, enable or disable self encryption, anti-debugging code, and internal text strings. It also is possible to choose up to 10 effects, which are summoned upon virus execution, etc. VCL-based viruses can use a standard means for infection (they append their code to the files while infecting them), they can overwrite the files or use companion technology.
The main properties of VCL-viruses are:
they are non-memory resident;
they scan the subdirectory three or the current directory of the current drive while infecting files;
they append to COM files, or create new COM files or overwrite COM and EXE files.
Conzouler.230
Description Conzouler.230
These are harmless memory resident parasitic viruses. They hook INT 21h and write themselves to the end of COM-files that are executed. The viruses do not manifest themselves. They were written by somebody who named itself "Conzouler/IR".
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
|