Janka.1336
Description Janka.1336
It is a very dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. The virus does not infect files that contain substrings in names:
WEB, AVP, EST, AND
On 24th in any month the virus destroys data on the first hard drive.
The virus contains the text string:
[Janka [1.05D], 1998]
Check other viruses! Be aware! Use Antiviral Software
Andry.565
Description Andry.565
Harmless memory resident virus. It hooks INT 21h and writes itself to the end of executed COM files. Makes no indications of itself on an infected system. Contains a string:
ViRuZ by Andry Christian
Andryushka.3536
Description Andryushka.3536
These are very dangerous memory-resident polymorphic viruses. They affect COM- and EXE-files (excluding COMMAND.COM) whenever an infected file is started (search in directories). "Andryushka" also infect files from its TSR-copy (when the files are opened, run, renamed and so on). After getting infection from virus "Andryushka.3536" EXE-files are changed to COM-format (see the "VACSINA" viruses). The virus penetrates into the middle of a file. The part of the infected file where the virus has been written to is encrypted and placed at the end of the infected file.
The virus creates counters in the Boot-sectors of disks and depending on the counters values may corrupt some sectors on the disk C:. On doing this the virus plays a tune and displays the following text:
+-----------------------+
ƒ Hello!!! ƒ
ƒ My name is Andryushka ƒ
ƒ I come from Perm,USSR ƒ
+-----------------------+
The virus also contains the text: "insufficient memory". "Andryushka" works with interrupt handlers fairly well: it saves a part of the INT 25h handler in its own body and writes its code (call to INT 21h) into the emptied place. When INT 25h is called its handler is restored.
|