Knight.1136
Description Knight.1136
It is a dangerous non-memory-resident overwriting virus. It searches for .COM files and overwrites them. The virus uses several levels of decryption; some parts of its code are encrypted up to seven times. It also uses anti-debugging tricks. It contains the following text strings and displays some of them: Aspettami che arrivo all you can be anything you want to be ... *.COM -KNIGHT-
Bomber
Description Bomber
It's a harmless memory resident polymorphic virus. It hooks INT 21h and infects COM files, except COMMAND.COM, when they are run. It contains the internal text messages "COMMANDER BOMBER WAS HERE" and "[DAME]". The characteristic feature of this infector is a new polymorphic algorithm. Upon infection the virus reads 4096 bytes from a randomly selected offset and writes this code at the end of the file. It then writes its own code into this 'hole' and begins its polymorphic routine. The virus contains several subroutines which generate random (but successfully executing!) code. The virus inserts those parts of random code at randomly chosen positions in the host file. About 90% of all the i8086 instructions are present in those parts. Each part takes control from the previous part by means of JMP, CALL, RET and RET xxxx instructions. The first part is inserted at the beginning of the file and jumps to the next part, the next part jumps to the third, and so on. The last part returns control to the main virus body. As a result, the infected file looks like 'spots' of inserted code.
Bomzh.3809
Description Bomzh.3809
It is a very dangerous memory resident encrypted parasitic stealth virus. It hooks INT 17h and INT 21h and writes itself to the end of EXE files that are executed, renamed or closed. When an infected file is opened, the virus disinfects it. When a file compression utility is run, the virus disables its stealth routine. The list of these utilities is as follows: RAR.EXE PKZIP.EXE ARJ.EXE ICE.EXE HA.EXE
The virus deletes the files: VSWAP.WL? ILLURIA.MAP *.WAD
When a file is printed, the virus inserts a word in Russian into the data. The virus also contains text strings in Russian.