Virus Database

Macro.Word.Hyper.a

Description Macro.Word.Hyper.a

This is an encrypted macro virus. It contains nine macros: AutoExec, AutoOpen, FileOpen, FileSave, FileSaveAs, FileTemplates, ToolsMacro, EditAutoText, hyper (in documents) and M<random digit> (in NORMAL.DOT).
The virus infects the global macros area on opening (AutoOpen) or closing (FileClose) an infected document. It infects the documents that are saved (FileSave) or saved with new name (FileSaveAs).
While infecting NORMAL.DOT it creates the hyper-text file BLANK.HTM containing "running text" (Internet Explorer):
Your system has been infected with the WM.Hyper virus.
It looks like you are gonna have to take some remedial action all
(c) Hyperlock, March 1997

The virus creates the NOSTRAD.INI file and writes the text to there:
[virus]
hyper_counter=<¡«¼Ñ »« «½Ñ¡¿ >
author=Hyperlock

If the generation of virus is less than 5 or divisible by 10, the virus deletes the Dr.Solomon anti-virus file's C:TOOLKITFINDVIRU.*
This is a stealth-virus - it hooks File/Templates and Tools/Macro, on entering these menus the virus displays the MessageBox:
Microsoft Word
Not enough memory to perform this operation

Check other viruses! Be aware! Use Antiviral Software

Rasek.1489.b

Description Rasek.1489.b

This is a dangerous memory resident multipartite encrypted virus. While executing an infected file it writes itself to the MBR of the hard drive and hooks INT 13h, 12h. By hooking INT 13h this virus releases the stealth mechanism on reading the infected MBR. It also writes a trojan program to the floppy disk boot sectors. That program erases the hard drive FAT while loading from that floppy. Sometimes the virus also erases the FAT on loading from infected MBR.
By hooking INT 21h the virus infects COM and EXE files that are executed, it writes itself to the end of the files. The virus contains the text string "AND.COM" and does not infect the files that contains that string in their names (COMMAND.COM). The virus also contains the text strings:
"RASEK" v3.0,from La Coruña(SPAIN).Ap93

Rasek.1490

Description Rasek.1490

This is a dangerous memory resident multipartite encrypted virus. While executing an infected file it writes itself to the MBR of the hard drive and hooks INT 13h, 12h. By hooking INT 13h this virus releases the stealth mechanism on reading the infected MBR. It also writes a trojan program to the floppy disk boot sectors. That program erases the hard drive FAT while loading from that floppy. Sometimes the virus also erases the FAT on loading from infected MBR.
By hooking INT 21h the virus infects COM and EXE files that are executed, it writes itself to the end of the files. The virus contains the text string "AND.COM" and does not infect the files that contains that string in their names (COMMAND.COM). The virus also contains the text strings:
RaseK v2.0,from LA CORUÑA(SPAIN).Mar93

Home