Virus Database

Macro.Access.Walla

Description Macro.Access.Walla

This virus infects MS Access databases. While infecting the virus replaces in databases the Autoexec script and copies to database additional form named "Walla Walla". Form contains macro with two subroutines:
Form_Load
ChangeProperty

When an infected database is opened, the startup form is activated. In infected databases it immediately calls subroutine "Load_Form" that contains main virus code. This subroutine searches for first five databases in the current directory and infects them. While searching the virus uses the "*.MDB" mask. Before infecting the virus changes several system parameters: disables viewing macros by using hot-keys and on error while executing macros, enables executing auto-scripts when Shift key is pressed (by default pressed Shift disables auto-scripts).
If day of month equals the month number, the virus shows two messages:
Walla Walla
Walla Wallaall
You've gotten off easy so many times
But I guess no one told you how to get a life

A97M/Walla Walla
Walla Walla...
The Song by The Offspring (c) 1998
The Virus by RUiNER '98 (c) 1998

Check other viruses! Be aware! Use Antiviral Software

Gift.553

Description Gift.553

These are not dangerous memory resident parasitic viruses. "Gift.724" is encrypted. They hook INT 21h and write themselves to the beginning of COM files that are searched. While installing memory resident the viruses allocate a 64Kb block of DOS memory that may decrease the system performance.
The most interesting feature of these viruses is their structure: it follows the standard ZIP archives binary format. The beginning of virus code is very similar to ZIP header, and to the end of infected files a block of data is written that is similar to ZIP "end-of-archive" data. Despite on this, when infected files are run, these data are executed as a sequence of legal assembler instructions that pass control to the main virus code. As a result, the infected files can be not only executed as DOS programs, but also can be accessed as ZIP archives. These "archives" contains just one file named "SMF_Gift.com". Being "extracted" this file is the same as original contents of infected file.

Gigi.1283

Description Gigi.1283

These are dangerous memory resident encrypted parasitic viruses. They hook INT 21h and write themselves to the end of .COM files that are executed. The viruses do not infect the files: VSAFE.COM, COMMAND.COM, WIN.COM. They have bugs and install themselves two and more times in the system memory, as a result in some time the system halts.
The viruses contain the text strings:
SUCKER
.COM VSAFE COMMAND WIN

"Gigi.1449" contains the texts:
Gigi Euristicu' v1.0 * RoMaNiA
Only COM infector but a new generation is comeing all
Copyright [C] 1996-97 Elecktronick RAT & Pink Phanter
Special thanks to GikuABS (Ps!ko)
Who's General Failure and what's he doing on your HD ?

Home