Macro.Word.Stryx
Description Macro.Word.Stryx
This encrypted virus contains four macros:
NORMAL.DOT Infected files
DokumentSchließen DokumentSchließen
DateiSchließen DateiSchließen
Stryx1 StryxOne
Stryx2 StryxTwo
It infects the system on DokumentSchließen and DateiSchließen (FileClose and DocClose).
On December 1st the virus creates the FUNNY.COM DOS trojan and runs it. This trojan creates random named subdirectories on current disk. To drop that trojan the virus saves to FUNNY.SCR file hexadecimal dump and converts it to DOS executable by using DEBUG utility. To do that the virus creates and executes FUNNY.BAT file:
@echo off
debug < funny.scr > nul
@echo off
Funny.com
By using similar way the virus drops the DRACHE.GIF file with an image of a dragon. Then the virus creates new template, inserts this GIF into there and adds the strings:
STRYX!!!!
Look at your HD! :-)
Sorry, but it's so funny!
NJ 1996
Check other viruses! Be aware! Use Antiviral Software
Kreg.1405
Description Kreg.1405
It is a harmless memory resident parasitic polymorphic virus. It hooks INT 10h, 21h and writes itself to the end of COM and EXE files that are executed or renamed. The virus does not infects the files: *CA?.*, *AN?.*, *ES?.*, *WE?.*, *IN?.* (SCAN, COMMAND, AIDSTEST, WEB, ADINF).
While installing the virus uses a trick that hides the virus on the memory map: the virus copies its INT 21h handler (49 bytes) to BIOS data area at address 0000:04D0, sets INT 21h to there and hooks INT 10h. When any program calls DOS function (INT 21h), the virus compares it with Execute and Rename functions (4Bh, 56h) and calls INT 10h with AX=DEADh. This is an "infect-it" call, and virus INT 10h handler intercepts it and infects a file.
The virus contains the text strings:
[ Gremlin 1.04 / AVL ]
[ KREG 1.01 / AVL !
KrK.800
Description KrK.800
It is a harmless memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are accessed. The virus does not manifest itself, it contains the text:
(c) KrK'96
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Dvi Pinout
Kharkov Women
Social Bookmark Service
Ibs
Postbanken
|