Virus Database

Lucas.1871

Description Lucas.1871

It is not a dangerous nonmemory resident encrypted parasitic virus. It searches for COM-files, then writes the decryption routine to the file beginning, encrypts itself and writes the encrypted code to the end of the file. Before return to the host program the virus displays the picture and the messages:
[Picture cannot be displayed in WWW version.]
It is a time of Civil War. Using fear and intimidation, the Empire seeks to
impose a New Order on the galaxy. Only the Rebel Alliance stands in the way
of their evil plans. Not yet willing to confront the Empire directly, the
Rebels are marshalling their forces in secrecy. Even now a group of their
prized Calamari Cruisers is being intercepted by a squadron of Imperial
Star Destroyers. The Rebel Fleet is outnumbered but, they have a
surpriseall the X-Wing Starfighter!

Check other viruses! Be aware! Use Antiviral Software

Kernel.608

Description Kernel.608

It is a very dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of .COM files that are executed. On June, 8th it erases the hard drive sectors and halts the computer. It contains the word "KERNEL" and encrypted string:
Dedicated to tfe 13021 lost sheep. Please God, do help them.

Kerplunk.3059

Description Kerplunk.3059

This is a dangerous memory resident oligomorphic and stealth parasitic virus. It hooks INT 21h, and intercepts the 23 DOS function of file accessing, searching, memory allocation and others: AH=00h, 11h, 12h, 18h, 31h, 32h, 3Dh, 3Fh, 40h, 41h, 42h, 43h, 48h, 49h, 4Ah, 4Bh, 4Ch, 4Eh, 4Fh, 52h, 56h, 57h, 6Ch.
The virus writes itself to the end of COM and EXE files that are accessed. It also checks the file names, and does not summon the infection routine if a file name begins with: RA (RAV), FV (FV86/FV386), FI (FindVirus), NO (Nod-ICE), SC(McAfee Scan), VS (McAfee VShield), TB (ThunderByte Anti-Virus).
The virus disinfects an infected file when writing to them or loading for debugging. When WIN.COM is executed (Windows is starting), the virus disables its stealth routines as well as Windows' 32-bit disk access (the virus appends the option "/d:c" to the end of command line). The virus also temporarily disables its stealth routines when several utilities are executed: ARJ, RAR, LHA, PKZIP, CHKDSK, HIT, BACKUP, MSBACKUP, TELIX, DEFRAG, SPEEDISK, UC.
If an IPX driver is detected, the virus accesses the Novell Network, and causes network faults. If the user name of the infected PC is SUPERVISOR, the virus summons Novell Netware functions to perform several actions in the network:
On Mondays, it sets SUPERVISOR privileges for GUEST login
From the 1st until the 4th of any month, it disables SUPERVISOR's privileges.
If the current time is less than 9:00, it reboots the server
If the current time is less than 14:00, it cancels a randomly selected connection
On Sundays, it cancels the logging procedure.
If a user name is not SUPERVISOR:
It clears the screen on a Novell server
It sends a message to a randomly selected user on the network:
Permanent system error. Please hit the computer NOW!

The virus also contains the text:
Kerplunk coded by Virtual Daemon/SLAM

Home