Virus Database


Judgement.390

Description Judgement.390

This is a memory-resident parasitic virus that is not dangerous. It copies itself into the Interrupt Vector Table, hooks INT 21h and writes itself to the end of COM files that are executed. On Friday the 13th it decrypts and displays the message:
Mike greets the worldall

Check other viruses! Be aware! Use Antiviral Software

Kernel.608

Description Kernel.608

This is a very dangerous memory-resident parasitic virus. It hooks INT 21h and writes itself to the end of .COM files that are executed. On June 8th it erases hard drive sectors and halts the computer. It contains the word "KERNEL" and the encrypted string:
Dedicated to tfe 13021 lost sheep. Please God, do help them.

Kerplunk.3059

Description Kerplunk.3059

This is a dangerous memory-resident, oligomorphic, stealth parasitic virus. It hooks INT 21h and intercepts 23 DOS functions for file access, searching, memory allocation and others: AH=00h, 11h, 12h, 18h, 31h, 32h, 3Dh, 3Fh, 40h, 41h, 42h, 43h, 48h, 49h, 4Ah, 4Bh, 4Ch, 4Eh, 4Fh, 52h, 56h, 57h, 6Ch.
The virus writes itself to the end of COM and EXE files that are accessed. It also checks file names, and does not call the infection routine if a file name begins with: RA (RAV), FV (FV86/FV386), FI (FindVirus), NO (Nod-ICE), SC (McAfee Scan), VS (McAfee VShield), TB (ThunderByte Anti-Virus).
The virus disinfects infected files when they are written to or loaded for debugging. When WIN.COM is executed (Windows is starting), the virus disables its stealth routines as well as Windows' 32-bit disk access (the virus appends the option "/d:c" to the end of the command line). The virus also temporarily disables its stealth routines when any of several utilities is executed: ARJ, RAR, LHA, PKZIP, CHKDSK, HIT, BACKUP, MSBACKUP, TELIX, DEFRAG, SPEEDISK, UC.
If an IPX driver is detected, the virus accesses the Novell network and causes network faults. If the user name of the infected PC is SUPERVISOR, the virus calls Novell NetWare functions to perform several actions on the network:
On Mondays, it sets SUPERVISOR privileges for the GUEST login.
From the 1st until the 4th of any month, it disables SUPERVISOR's privileges.
If the current time is less than 9:00, it reboots the server.
If the current time is less than 14:00, it cancels a randomly selected connection.
On Sundays, it cancels the logging procedure.
If a user name is not SUPERVISOR:
It clears the screen on a Novell server.
It sends a message to a randomly selected user on the network:
Permanent system error. Please hit the computer NOW!

The virus also contains the text:
Kerplunk coded by Virtual Daemon/SLAM


    Copyright © 2005 Virus-Database.com