Virus Database

AT.Batalia3,Batalia4

Description AT.Batalia3,Batalia4

These are harmless nonmemory resident parasitic BAT viruses. They search for BAT files in the current directory, then infect them. While infecting a file the viruses run the ARJ archiver to the pack necessary files. If there is no ARJ.EXE file in PATH, the viruses fail to replicate themselves.
The viruses contain two parts of code and data. The first part (the header) contains DOS commands:
"Batalia3": "Batalia4":
@echo off @echo off
rem YYY rem BAT4
arj x %0 -g""bÑpß >nul arj x %0 >nul
ren p Int call i
call i del sg
ren Int a.bat del i.bat
echo on
@call a
@echo off
del i.bat
del a.bat
del BATalia3

The second part (the rest) is an ARJ archive. This archive contains the I.BAT file that is the main virus code and the additional files:
"Batalia3": P, BATALIA3
"Batalia4": SG

The SG and BATALIA3 files contain several additional batch commands. The P file contains original code of infected BAT file (in case of "Batalia3" virus).
So, any infected file contains the text strings (DOS commands) and the binary data (ARJ archive).
When executed, the virus runs the ARJ archiver, extracts the files I.BAT and SG and runs I.BAT. This batch file searches for not infected BAT files in the current directory and infects them.
While infecting, the "Batalia4" virus appends its code to the end of files and does not modify the original file contents. "Batalia3" saves original BAT file to ARJ archive (file P) and overwrites it. As a result the length of a file infected by "Batalia3" may be less than before infection.

Check other viruses! Be aware! Use Antiviral Software

Badguy Family

Description Badguy Family

These are dangerous non-memory resident viruses. They overwrite the beginnings of .COM-files of the current directory without storing the old contents of these files. They contain the text: "*.COM".
On Monday, "Badguy.265" creates something with CGA monitor ports, and then hangs-up the computer. It also contains the text "BadGuy Virus (c) by Cracker Jack 1991 (IVRL) Italian Virus Research Laboratory (C) 1990,1991 IVRL Head Quarter, Milan Italy".
On Monday, "Badguy.208" decrypts and types: "New BadGuy Virus - (c) By Cracker Jack 1991 IVRL Head Quarter Milan, Italy".

BadSectors.3150

Description BadSectors.3150

These are dangerous memory resident parasitic viruses. They hook INT 8, 16h, 21h, 25h, 26h. On DOS calls FindFirst/FindNext FCB/ASCII they search for COM and EXE files and write themselves to the end of the file. They also infect the files that are opened, executed or renamed. The viruses do not infect the SCAN.* files. Sometimes they mark the disk clusters as bad ones by manipulation with FAT sectors. By hooking INT 16h these viruses joke with keyboard. These viruses contain the internal text strings:
COMEXE
SCAN

and:
"BadSectors.3150": BadSectors 1.0
"BadSectors.3422": BadSectors 1.1
"BadSectors.3428": BadSectors 1.2
"BadSectors.3627:: BadSectors 1.3

Home