Virus Database

Macro.Word.Milicrypt

Description Macro.Word.Milicrypt

This virus contains 7 macros: ToolsMacro, Sel, FileSave, FileSaveAs, Mili, Crypt, AutoOpen. The virus contains the "copyright" string:
MiliCrypt (C) 1998 by CyberYoda [SLAM]

Infection routines are placed in Mini macro (in documents) or Crypt (in NORMAL.DOT). The virus infects the global macros area on opening an infected document. The document are infected on saving or saving with new name.
On saving documents on disk (FileSave, FileSaveAs) the virus encrypts their contents, and decrypts it on opening (AutoOpen). The encryption key is stored in AutoOpen macro description. As a result while editing the documents are not encrypted, but they have encrypted on disk - the virus realizes on-the-fly en/decryption for infected documents. After cleaning virus macros (disinfecting) documents stays encrypted and useless, so before disinfection that is necessary to save documents contents to some other non-Word-document format (text or RTF).

Check other viruses! Be aware! Use Antiviral Software

Karol.1000

Description Karol.1000

It is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of EXE files that are executed. While installing and infecting is uses several tricks with redirection of INT 1,8,9 (sets these INTs to subroutines of infection and calls them by INT instruction). The virus contains the text string:
KaRoLmArKs V2.3

Kasimir family

Description Kasimir family

These are dangerous nonmemory resident parasitic viruses. They search for .EXE files and write themselves to the end of the file. Since 1994 they erase the FAT on the C: drive and display the message:
KASIMIR STRIKE NOW!

The viruses also contain the text:
SV00 Lubj

Home