Virus Database


ArjRar.2821

Description ArjRar.2821

This is a relatively harmless, non-memory resident virus-worm. It searches for ARJ and RAR archives and appends its copy to archives that are found. The virus copy in archives is stored in the format of ARJ or RAR data and has the filename RUNME.COM in ARJ archives and RUN_ME_.COM in RAR. These "run-me" files contain a copy of the virus, and upon being extracted from an infected archive, they may spread the virus code to other archives.
In August, the virus drops the file PRESENT.COM, and upon being executed, it displays the following texts:
Citat klasika:
K anielovi chrbtom.
Tak zacal som cestou hirechu ist.
K anielovi chrbtom,
len 12 krokov,
a 12 ozvien na ne,
a dosiel som tam,kam som nemal prist
Dedicated to my friends Suzy&PEDRO
[an ANGEL-Sign of immortality]
by Blesk 8^)
Present by Blesk wish You
HAPPY B-DAY
Suzy

The virus also contains the following text strings:
*.ARJ *.RAR
RAR'n'ARJ Dropper by Qark/VLAD.
RAR support included by Blesk


Backdoor.SdBot.gen

Description Backdoor.SdBot.gen

This is a family of backdoor malicious programs that give a remote operator control over victim machines. Commands are sent to the backdoor via IRC channels.
Installation
Depending upon the program version, the backdoor copies itself either to the Windows System directory or to other directories located in the System directory. The program also registers a copy of itself in the system registry, which ensures that it will be executed when Windows is started:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
The registry value will vary according to which version of the backdoor has infected the machine.
Payload
Backdoor.SdBot connects to a range of IRC servers, then connects with a channel that is hard coded into its body. It is then ready to receive remote commands, such as downloading and executing remote files, acting as an IRC proxy server, joining IRC channels, sending messages via IRC, and sending UDP and ICMP packets to remote computers.

Backdoor.Subseven

Description Backdoor.Subseven

This is a remote administration utility used to control infected machines. It functions in a similar way to the Backdoor.BO (a.k.a. Back Orifice) Trojan.


    Copyright © 2005 Virus-Database.com