Virus Database


Macro.Word.Tunguska

Description Macro.Word.Tunguska

This is an encrypted Italian macro virus. It contains eight macros: AutoExec, AutoOpen, FileApri, AutoClose, FileSalva, GuidaSupporto, FileSalvaConNome, GuidaInformazioni.
The virus infects the global macro area when an infected document is opened (AutoOpen) and writes itself to documents when they are saved or saved under a new name (FileSalva, FileSalvaConNome).
The virus creates two strings in the [Microsoft Word] section of the WINWORD6.INI file:
DictionaryHelp=1
DOC-PATH=<NORMAL.DOT directory>

The virus also tries to read two variables from this section: "CheckCRC" and "Debug". If CheckCRC=1, the virus disables its infection routine. If Debug=1, the virus displays many debug MessageBoxes.
The virus contains the following comments (originally in Italian, translated here):
------------------------------------------------------------------------
Virus: TUNGUSKA
------------------------------------------------------------------------
Variables in Winword6.ini:
CheckCRC$       : if = 1, the virus does NOT infect MY computer
Debug$          : if = 1, I display the Debug messages
DictionaryHelp$ : if = 1, a certain date has been reached
------------------------------------------------------------------------
Italian MACROS          English MACROS      COMMENT
------------------------------------------------------------------------
  AutoClose             AutoClose           intercepts double-click
  AutoExec              AutoExec            intercepts Word startup
  AutoOpen              AutoOpen            intercepts file opening
  FileApri              FileOpen            intercepts the Open dialog
* FileChiudiOChiudiT.   FileClose           intercepts file closing
  FileSalva             FileSave            intercepts file save
  FileSalvaConNome      FileSaveAs          intercepts the Save As dialog
* FileModelli           Templates           intercepts the Templates dialog
  GuidaInformazioni     GuidaInformazioni   virus
  GuidaSupporto         GuidaSupporto       to check for presence of the virus
------------------------------------------------------------------------
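
An added example (not part of the original database entry): a Python check that looks for the WINWORD6.INI entries named above in the [Microsoft Word] section. The function names, verdict strings and sample file are constructed for illustration; treating DictionaryHelp as the stronger indicator is an assumption of the example.

```python
# Added example: keys and section name come from the description above.
SECTION = "Microsoft Word"
WRITTEN_BY_VIRUS = ("DictionaryHelp", "DOC-PATH")  # created by the virus
READ_BY_VIRUS = ("CheckCRC", "Debug")              # switches the virus reads


def read_section(text, wanted=SECTION):
    """Return {lowercased key: value} for one INI section (names are case-insensitive)."""
    values, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == wanted.lower() and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip().lower()] = value.strip()
    return values


def scan_winword_ini(text):
    """Report Tunguska-related entries found in the text of a WINWORD6.INI file."""
    values = read_section(text)
    written = [k for k in WRITTEN_BY_VIRUS if k.lower() in values]
    switches = {k: values[k.lower()] for k in READ_BY_VIRUS if k.lower() in values}
    if len(written) == 2:
        verdict = "both keys present"
    elif "DictionaryHelp" in written:  # assumption: weighted above the path key
        verdict = "marker key only"
    elif written:
        verdict = "path key only"
    else:
        verdict = "no traces"
    return {"written": written, "switches": switches,
            "infection_disabled": switches.get("CheckCRC") == "1",
            "verdict": verdict}


# Constructed sample, not taken from a real machine.
SAMPLE = """\
[Constructed Section]
DictionaryHelp=1
[microsoft word]
dictionaryhelp=1
DOC-PATH=C:\\WINWORD\\TEMPLATE
CheckCRC=1
"""

if __name__ == "__main__":
    print(scan_winword_ini(SAMPLE))
```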


Bubonic.2181

Description Bubonic.2181

This is a dangerous memory-resident parasitic virus. It hooks INT 21h and 6Bh and writes itself to the end of .COM and .EXE files when they are accessed. When an infected file is opened, the virus disinfects it. Sometimes it overwrites files with a trojan program that erases hard drive sectors and displays: "Ooops, Sorryall". The virus also contains the internal text:
Bubonic[BBP],alpha.02a,fixedFCBbug.Soon:tightercode,anti-(debug,heuristics),norunifanti-virusprog.running(FSP,etc.)bettermemorystealthNEW!genetic,algorithmicdarwin-encryptionandadroplibraryofmanyvirii,alllessthan6k!

Bucharest

Description Bucharest

This is a memory-resident boot virus that is not dangerous. It hooks INT 12h and 13h and writes itself to the MBR of the hard drive and to the boot sector of floppy disks. Depending on the system date and time, it decrypts and displays the message:
ENJOY THIS BUG! RP VirusLab Bucharest


    Copyright © 2005 Virus-Database.com