Macro.Excel97.Yawn
Description Macro.Excel97.Yawn
This virus creates an infected workbook "PERSONAL.XLS" in the Excel start-up folder. Upon Excel startup, this workbook is automatically loaded and the virus gains control. The virus activates upon the opening of every workbook and infects it.
To disable the Excel macro-virus protection, the virus uses calls to the system functions that directly modify the system registry. The virus hides itself by deleting the menu item "Tools/Macro".
The virus has no any payload.
Check other viruses! Be aware! Use Antiviral Software
Arusiek.817
Description Arusiek.817
It's a memory resident not dangerous parasitic virus. It hooks INT 21h and infects .COM- and .EXE-files except MKS.*, NAV.*, CLEAN.* and COMMAND.* on accessing them. It also hooks INT 16h (keyboard) and sometimes exchanges the letters which are typed by keyboard with the string "Arusiek R.".
Arya.4616
Description Arya.4616
This is a very dangerous memory resident encrypted multipartite virus. It infects the MBR of the hard drive, COM and EXE files. When an infected file is executed, the virus infects the MBR of the hard drive, hooks INT 13h and 21h, and stays memory resident. While loading from an infected disk, the virus hooks INT 1Ch and 13h, waits for the DOS loading process, and hooks INT 21h.
INT 1Ch handler is used by the virus to hook INT 21h. The INT 13h handler contains a stealth routine that is executed upon accessing the infected MBR. INT 21h contains a file infection routine - the virus writes itself to the middle of COM and EXE files that are accessed. Upon changing the current directory and upon deleting files, the virus also searches for COM and EXE files and infects them. After infecting a file, the virus deletes the CHKLIST.MS file, if it exists. The virus does not infect the following files:
CHKDSK.*, COMMAND.COM, EMM386.*, POWER.* INTERLNK.*, MCA.*, MSCDEX.*,
SHARE.*, CERT.*, TOOLKIT.*, GUARDMEM.*, GUARD.*, SCAN.*, CLEAN.*,
FINDVIRU.*, FV*.*, TB*.*, CLEANPAR.*, CLEANBOO.*, VSAFE.*, MSAV.*, NAV.*,
VALIDATE.*, VSHIELD.*, VIVERIFY.*, IMENSCAN.*, TAROMAR.*
Depending on the system date, the virus displays the message:
Arya V1.0
This is the most Powerfull and Technical Iranian program all
Azad University of Lahijan .
Sig: - 17FSAK - ( 1996 )
On the 13th beginning from June, the virus overwrites .DBF, .ZIP, .LZH, .GIF, .DAT, PCX and .GN files with the same message. The virus calculates the CRC sum of its code, and if this sum is wrong, the virus erases the CMOS. The virus has bugs and may halt the system.
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Franchise
Tech News
Golfschuhe Damen Ecco
Sms
скачать книгу
|