Virus Database

KOH.a

Description KOH.a

It's a memory resident boot virus. It hooks INT 09h (keyboard) and INT 13h. On loading from infected floppy it asks user for permission to infect hard drive:
KOH-Encrypt your HARD DISK now (please backup first)?

and infects HD on 'Y' answer, in another case it returns control to normal booting. On infection of hard drive this virus encrypts its sectors, the virus asks passwords before infection:
Now, enter 2 passwords, 1 for HD, 1 for FD. FD PW can be changed anytime
with Ctrl/Alt-K, C/A-O stops FD infect, C/A-H uninstalls on HD. Enter HD
PW at power up. WRITE THIS DOWN!
CASUAL encryption=fast but breakable--keeps out snoops.
STRONG encryption=good but slow--keeps out all. Use disk cache.
Do you want STRONG encryption?

On loading from infected HD the virus asks for password and lets booting on true answer only. This virus infects/encrypts floppy disks also. It can decrypt disks and uninstall itself on Ctrl-Alt-K,O,H keyboard keys. This virus contains and displays other strings also:
Initial load failedall aborting.
Load successful. A: now infected with KOH.
Sure you want to uninstall?
Should change be permanent?
Enter FLOPPY PW now.
Now enter HD PW.
Enter
Password:
Verify Password:
Verify failed!
KOHv1.00

Check other viruses! Be aware! Use Antiviral Software

Pojer.4028

Description Pojer.4028

This is a benign memory resident polymorphic and stealth parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. While opening or creating a file, the virus stores the file handle, and infects that file while closing. While opening, the virus also disinfects the infected files. The virus checks the file names, and does not infect the following files:
ASTA.EXE
F-PROT.EXE
DEFRAG.EXE
NDD.EXE
CPAV.EXE
MSAV.EXE
SCANDISK.EXE
CHKDSK.EXE
VSAFE.COM
UCOM.COM
UEXE.EXE
GUARD.EXE
GUARD.COM
TNTVIRUS.EXE
CLEAN.EXE
SCAN.EXE
VSHIELD.EXE
VSHIELD1.EXE
NETSCAN.EXE
IBMBIO.COM
IBMDOS.COM
CHKAVAST.COM
STROJ_F.EXE
STROJ_P.EXE
STROJ_S.EXE
KRNL286.EXE
KRNL386.EXE

On November 17th and February 6th, the virus beeps on the PC speakers, and then decrypts and displays the following message:
** BRAIN2 v2.00beta - upgrade from POJER **
BETA tester, thank you,
.. have a nice day in cyberspace all
This crazy program is (c) 12/93 by SB

In January, November, and September, on odd days, the virus also hooks INT 1Ch, and places a blinking '_' char in the upper left corner of the screen.
The virus also contains the following text string:
Kernel1.41

Polifemo Family

Description Polifemo Family

These are harmless nonmemory resident parasitic viruses. They search for .COM files of current and root directories, the DOS, WINDOWS, QEMM, DV directories, then they write themselves at the end of the file. The viruses contain the text string:
**** Polifemo ****

Home