Virus Database

Macro.Word.Vicinity

Description Macro.Word.Vicinity

This is an encrypted Word macro virus. It contains three macros: AutoOpen, ExtrasMakro (stealth), QuickSilver. The virus replicates itself when documents are opened (AutoOpen).
The virus replaces the Tools/Macro menu, if there is no text "MFake = no" in the WIN.INI file in the [QuiteVicinity.02] section. If Windows 3.1 is installed, the virus creates the C:SYSLOG1.BAT file and writes to there the command that resets the ReadOnly attribute for some file. The virus then writes the commands to the AUTOEXEC.BAT file:
echo off
call c:syslog1.bat

The virus displays the MessageBox:
Microsoft Word 1.0
Zur Zeit ist keine Dokumentvorlage aktiviert !

Starting from 1997 January 15 the virus searches and replaces: ". SAP" -> ". S+P", "%%%7%%%" -> "%%%8%%%".
Starting from 1997 June 15 the virus creates the C:BOOTLOG.BAT file that is called by AUTOEXEC.BAT and writes the commands to there:
if exist c:w95guardwgfe.exe del c:w95guardwgfe.exe
if exist c:winguardwgfe.exe del c:winguardwgfe.exe

Starting from 1997 August 15 the virus creates the C:SYSLOG2.BAT file with the commands:
echo Datenmuell >> c: etstat.con
attrib -R c: etstat.con
type c: etstat.con >> c: etstat.con

Check other viruses! Be aware! Use Antiviral Software

PME.Burglar.3260

Description PME.Burglar.3260

It is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the beginning of COM (except COMMAND.COM) and to the end of EXE files that are accessed as well as on FindFirst/Next calls (DIR command). Depending on the system date it displays the message and halts the computer:
Hello! This is [Super Virus-2] all written by Burglar in Taipei, Taiwan

PMM.575

Description PMM.575

It is a harmless nonmemory resident parasitic virus. It searches for COM files, then writes itself to the end of the file. The virus contains the text string:
*PMM r1.0*

That virus uses quite interesting mutation routine. That routine scans the code of the virus, disassembles the instructions, and replaces some instructions with their "synonyms":
XOR Reg,Reg -> SUB Reg.Reg
MOVSB -> MOVSW
MOVSW MOVSB

and so on. As a result, the virus is not encrypted, but in different infected files the code of the virus contains different instructions.

Home

Viruses from A to Z
0-9 A B Ñ D E F G H I J
K L M N O P Q R S T
U V W X Y Z



Ungeziefer
Algarve Car Hire
New Zealand Map
Bygg I TrÄ SÖdra Stor Stockholm

    Copyright © 2005 Virus-Database.com
© 2005 Virus-Database.com