Kotos.870
Description Kotos.870
It is not a dangerous memory resident parasitic virus. It hooks INT 9, 21h and writes itself to the end of COM files that are executed. When F12 key is pressed, the virus beeps by the PC speaker and turns on Num/Caps/ScrollLock keys. The virus also calculates program executions and on 32th execution beeps by the PC speaker and displays the message:
szczescie ziemia pachniec winno
strzez sie plucia pod wiatr
RAMIREZ K2K (c) 1996 Lochow
(pozdrowienia dla pani Katarzyny Koros)
Check other viruses! Be aware! Use Antiviral Software
GW.1201
Description GW.1201
It is a harmless memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed or closed. The virus checks file names and does not infect anti-virus programs and files with the names: AIDSTEST, DRWEB, COMMAND, IBM*, AVP.
While infecting the virus uses undocumented System File Tables. The virus also uses other tricks to hide itself in the memory and access system resources: it traces INT 13h to get original INT 13h handler and patches DOS kernel to intercept file accessing calls.
The virus is encrypted in files as well as in the system memory. When needed the virus decrypts routines, executes them and then encrypts.
The virus does not manifest itself in any way. At the beginning of its code it contains a set of instructions that looks like text string:
_GW
Gwar
Description Gwar
It is a very dangerous memory resident encrypted and stealth boot virus. It hooks INT 13h and writes itself to the boot sector of diskettes and MBR sector of hard drive that are accessed. The virus copies its TSR copy to the interrupt table. From January 1st till 7th the virus displays a message and erases sectors on the hard drive, the message looks like follows:
Gwar virus by T-2000
|