Virus Database

Macro.PPoint.Kelly

Description Macro.PPoint.Kelly

This macro virus infects the MS PowerPoint presentations. The virus contains one macro "Jd" in the "Kelly" module. The virus code is activated on the MouseOver events on the infected form, it then runs its main routine and infects all form in opened presentations. While infecting the virus copies its code to the victim form and sets handler for MouseOver event to its own procedure. As a result the virus code runs automatically when mouse moves over infected form.
This virus does not have payload procedure. The code of virus contains the comment:
Copyright (C) 1998 by FlyShadow ~^^~ - Kelly

Check other viruses! Be aware! Use Antiviral Software

Burglar family

Description Burglar family

These are not dangerous memory resident parasitic viruses. "Burglar.1365" is an encrypted virus. They hook INT 21h and write themselves to the end of EXE files that are accessed. The viruses check the name of the file, and do not infect the file if its name contains "V" or "S" symbols, or begins with: "CL", "HW", "TB", "F-", "WC", or "TK", according to the string (two letters per name):
CLHWTBF-WCTK

Several versions ("Burglar.1150,1365") also search for EXE files and infect them when DOS functions GetDiskSpace or DeleteFCB (AH=13h,36h) are called. The viruses search for EXE files in the current directory only.
"Burglar.1365" also drops a silly nonmemory resident overwriting virus "SillyOC.100".
The viruses depending on the system timer display the messages:
"Burglar.820": BURGLAR
"Burglar.824": BURGLAR!
"Burglar.833": BURGLAR/Type D
"Burglar.877": BURGLAR/Type E
"Burglar.1004": BURGLAR/Type F
"Burglar.1050": BURGLAR/G by SVS
"Burglar.1150": Burglar/H
"Burglar.1365": Burglar/I

The viruses also contain the text strings:
"Burglar.777": Burglar
"Burglar.1004": [_THE KNIGHT OF A DOLL - PART I_]
"Burglar.1050": [Yally livesallsomewhere in Mind]
"Burglar.1150": AT THE GRAVE OF GRANDMA...
"Burglar.1365":
Burglar VIRUS (Type I/Last Ver) with Miny1.100 9192/3/12-4/1
by Corean Virus' leader : KOV (Knight Of Virus).

Burma Family

Description Burma Family

These are dangerous not memory resident overwriting viruses. They search for first .EXE- and first .COM-file of current and DOS directories and overwrite them. On infection these viruses (except "Burma.409") manifest themselves by a video effect, then they display the messages:
"Burma.442": [Tempest - _]
"Burma.563,756": Reading system configuration, please wait.
SwizzleStyxx!

The viruses contain the internal texts also:
"Burma.442": Rangoon, Burma
"Burma.563,756": D_a_r_k_A_v_e_n_g_e_r

"Burma.409" hits files with extension *.COM, *.EXE, *.ZIP, *.DAT, *.SYS, *.OVL. It erases the disk sectors, it also contains the internal text string:
Tempest - _ Of LuxemburgVaginal Discharge

[Note: "_" = high-ASCII chars, cannot be displayed in simple HTML]

Home