Macro.Word.Sam
Description Macro.Word.Sam
This is a very dangerous Chinese specific encrypted macro-virus. It contains seven macros: AutoOpen, AutoExec, AutoNew, FileSaveAs, ToolsMacro, FileTemplates, and Monday.
The virus infects the system and documents upon AutoNew, AutoOpen and FileSaveAs calls. It contains the following comments:
Created by Samuel Lin
Latest Date Feb 8 '97
On Mondays at 10:00, the virus overwrites the C:AUTOEXEC.BAT file with the following commands:
@echo off
cls
echo HAVE A GOOD TIME
echo --Taiwan Dark Monday--
echo y|format c: /u /v:MONDAY >nul
deltree /y c: >nul
Then it displays the MessageBox:
Taiwan Dark Monday
Today is Monday, do you work hard?
It's tea time now!
Let's go out and have some funall
On Mondays with the date 13t, it deletes the C:WINDOWS*.INI files and displays the following Message Box:
It Is Dark Monday...
On Mondays on any another date, the virus clears the contents of the current document and displays the following Message Box:
Taiwan Dark Monday
Today is Monday, did you work hard?
Let's take a rest and have some fun... :-)
Upon FileTemplates calls, the virus erases the current document and displays the following Message Box:
Taiwan Dark Monday
Go ahead! Make my day! ! !
It then inserts the text "TAIWAN DARK MONDAY" into the current document and prints it.
Upon ToolsMacro calls, the virus sets the password "Samuel" to the current document, then displays the following Message Box:
Taiwan Dark Monday
You may insert password to access here... ^_^
and waits for "Samuel" input. In case of wrong string, the virus displays:
Taiwan Dark Monday
WRONG PASSWORD!!!
You don't have right to execute this macro command!! :P
Access Denied!!!
Check other viruses! Be aware! Use Antiviral Software
Marzia.2048.WW
Description Marzia.2048.WW
This is a dangerous memory resident multipartite stealth virus. On execution of infected file it infects MBR of hard drive. Then it hooks INT 13h, 21h. On loading from infected sector it hooks INT 13h, waits for DOS loading and hooks INT 21h. On accessing to infected MBR (virus checks it by using INT 13h hooking) it substitutes it by not infected one. By hooking INT 21h the virus intercepts the files for infection.
On installation it traces INT 13h and hooks INT 1Ch. It writes itself at the end of COM and EXE files are executed or closed. On opening of the infected file this virus cures it.
Depending on current date the virus erases the hard drive sectors or call INT 24h. On calling INT 21h, AX=3031h the virus decrypts and displays the message:
Virus Development Software
(c)92 PETUNIA virus
Written by Willi Wonka
Fago industries (c)1991
It contains the internal text strings also:
MARZIA WWMARZIA
Marzia.2048.WW.b
Description Marzia.2048.WW.b
This is a dangerous memory resident multipartite stealth virus. On execution of infected file it infects MBR of hard drive. Then it hooks INT 13h, 21h. On loading from infected sector it hooks INT 13h, waits for DOS loading and hooks INT 21h. On accessing to infected MBR (virus checks it by using INT 13h hooking) it substitutes it by not infected one. By hooking INT 21h the virus intercepts the files for infection.
On installation it traces INT 13h and hooks INT 1Ch. It writes itself at the end of COM and EXE files are executed or closed. On opening of the infected file this virus cures it.
Depending on current date the virus erases the hard drive sectors or call INT 24h.
It contains the internal text strings also:
(c)93Virus Development Software
WW34V
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Balustrady Ze Stali Nierdzewnej
Firma Andreas Redin
Gudruns KontorstjÄnst
Gpa Klipp
Motorhandel Helsingborg Ab
|