JumpBoot
Description JumpBoot
It is a very dangerous memory resident multipartite virus. While executing an infected file the virus infects the MBR of the hard drive, and returns the control to DOS. While loading from infected disk the virus copies itself into Interrupt Vectors Table, hooks INT 13h and stays memory resident. The virus is stealth one while accessing to infected MBR.
While writing sectors to the floppy disks the virus checks the first byte of the sector. It that byte is JMP command (E9h or EBh), the virus overwrites that sector with its code. As a result the COM files which begin with JMP instruction are overwritten with virus copy when these files are copied to the floppy disk. While overwriting a sector the virus does not check is that sector the file beginning. So the virus can write its copy to the file middle. After infecting any file the virus disables its infection routine and does not infect the files up to next reboot.
Check other viruses! Be aware! Use Antiviral Software
Macro.Word.Vhdl
Description Macro.Word.Vhdl
This is an encrypted Chinese virus, it contains three macros:
Documents NORMAL.DOT
AutoOpen VHDL
ToolsMacro ToolsMacro, FileTemplates
VHDL AutoClose
It infects global macros area on opening an infected document (AutoOpen), and documents on their closing ( AutoClose). On entering the Tools/Macro menu the virus sets the password "VHDL" for current document .
Macro.Word.Vicinity
Description Macro.Word.Vicinity
This is an encrypted Word macro virus. It contains three macros: AutoOpen, ExtrasMakro (stealth), QuickSilver. The virus replicates itself when documents are opened (AutoOpen).
The virus replaces the Tools/Macro menu, if there is no text "MFake = no" in the WIN.INI file in the [QuiteVicinity.02] section. If Windows 3.1 is installed, the virus creates the C:SYSLOG1.BAT file and writes to there the command that resets the ReadOnly attribute for some file. The virus then writes the commands to the AUTOEXEC.BAT file:
echo off
call c:syslog1.bat
The virus displays the MessageBox:
Microsoft Word 1.0
Zur Zeit ist keine Dokumentvorlage aktiviert !
Starting from 1997 January 15 the virus searches and replaces: ". SAP" -> ". S+P", "%%%7%%%" -> "%%%8%%%".
Starting from 1997 June 15 the virus creates the C:BOOTLOG.BAT file that is called by AUTOEXEC.BAT and writes the commands to there:
if exist c:w95guardwgfe.exe del c:w95guardwgfe.exe
if exist c:winguardwgfe.exe del c:winguardwgfe.exe
Starting from 1997 August 15 the virus creates the C:SYSLOG2.BAT file with the commands:
echo Datenmuell >> c:
etstat.con
attrib -R c:
etstat.con
type c:
etstat.con >> c:
etstat.con
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Marine Underwater Lights
Us Insurance Agents
Credit Card Offers
Rtl Software Solutions
Cajun Recipe
|