Apocalipse.1685
Description Apocalipse.1685
It is a dangerous memory resident encrypted parasitic virus. It traces INT 13h, 21h, hooks INT 21h and writes itself to the end of COM and EXE files that are executed. While installing into the system memory it also infects the C:DOSMODE.COM file.
The virus writes the counter into hard drive sector and increases that counter each time the virus installs itself into the memory. After 100 installation the virus corrupts CMOS and MBR of the hard drive, and displays:
Apocalipse 2.0 por M.A.C.
Isto é um vírus - afaste-se do computador, sen¦o constipa-se !
Boa sorte nas reparaç_es - nada está perdidoall
Também, andavas a trabalhar demais - aproveita para descansar !
Lembra-te: coisas destas só ajudam a formar caracter - n¦o,
n¦o precisas de agradecer, é um prazer ajudar...
Voltarei...
Preme uma tecla
Check other viruses! Be aware! Use Antiviral Software
Baran.3294
Description Baran.3294
These are memory resident parasitic polymorphic viruses. They hook INT 21h and write themselves to the end of COM and EXE files. "Baran.3294" infects the files that are executed or closed. "Baran.4968" infects the files that are closed (both FCB and Handle calls), executed,
To hook the interrupt vectors these viruses use several tricks. The INT 21h handler in "Baran.3294" virus contains just only instruction - call to INT 1 (CDh 01h). That virus also hooks INT 1, and when INT 21h call is performed, the control is passed to INT 1 handler that contains file infection routines.
"Baran.4968" traces INT 13h, 21h. To hook INT 21h the virus patches INT 21h handler in the DOS area (the original INT 21h handler) with INT 29h call (CDh 29h), then patches INT 29h handler with FAR JMP_Virus instruction. As a result the virus handler takes both INT 21h and INT 29h calls. To separate them the virus checks the address of caller and either executes the original INT 29h, or passes the control to the virus INT 21h handler. If the virus cannot to hook INT 21h, it infects the command interpreter by using COMSPEC= pointer. If MS Windows is active, the virus also infects the program that will be executed when Windows exits to DOS.
"Baran.4968" is the stealth virus. When an infected file is opened (both FCB and Handle calls), loaded as overlay or debugged, the virus disinfect it. This virus also checks the file name and does not infect the files IBMBIO.* and IBMDOS.*.
"Baran.3294" is not a dangerous virus. Depending on the system time it displays the message:
Gwadera to baran !
"Baran.4968" is a very dangerous virus. Depending on its internal counter it corrupts the data that are saved on disk. It contains the text:
Unknown destroyer v1
Barcelona
Description Barcelona
This is a memory resident not dangerous virus which hooks INT 21h and infects .COM-files except COMMAND.COM when they are started. The virus writes itself into the file beginning. It clears the screen and then displays the red and yellow lines and the text:
CATALUNYA LLIURE
FORA LES FORCES D`OCUPACIO
MORT ALS TERRORISTES TRICORNUTS
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Online Sudoku
Russian Ladies
Das Krankenkassen Portal
Gewindefahrwerke Kaufen
Hf StÄd Och Markservice
|