Macro.Word97.Cyberhack
Description Macro.Word97.Cyberhack
This virus contains 25 macros in module "CyberHack": coba, CyInit, CyClose, Dok2Nor, Nor2Dok, Cyber, Tahan, Simpan, AutoOpen, FileClose, FileOpen, FileSaveAs, FileSave, HelpAbout, FileExit, ToolsOptions, FileNew, FileTemplates, ToolsMacro, ToolsCustomize, ToolsCustomizeKeyboard, ViewVBCode, Organizer. The virus replicates whenever any auto macro is executed, i.e. on opening, closing or saving documents, etc. The virus erases the menu item Tools/Macro. It also disables the hot keys for viewing macros. On Friday, on entering the menu item Help/About or on closing the Word application, the virus displays a form containing an image of the virus's authors and their names. The virus also contains the comments: Macros By WinK'S Hacker Picture By Casper Satan Lebih baik mencoba dari pada tidak tahu sama sekali all Mohon ma'af bila telah mengganggu Anda. Microsoft memang gila ! Nambahin fasilitas pemrogramannya keterlaluan untuk suatu word prosesor. jangan harap kau datang lagi padaku
Mirea_II.4157
Description Mirea_II.4157
It is a dangerous non-memory-resident parasitic polymorphic virus. It searches for EXE files and writes itself to the end of the file. While searching and infecting it uses only absolute read/write calls INT 25h/INT 26h. It contains errors and in some cases corrupts files while infecting them. Depending on its random counter the virus displays a message in Russian.
Mirkis.4292
Description Mirkis.4292
It is a harmless memory resident multipartite stealth virus. It infects the MBR of the hard drive and writes itself to the end of COM and EXE files; the virus is encrypted in files. It does not infect the MBR under DOS 7+ (Windows). The virus does not manifest itself in any way. It contains the text: TYSON greeting Mir.Kis & Ro.Ch 4.97 POLAND
On loading from an infected MBR the virus hooks INT 13h, waits for DOS to load and hooks INT 21h. While executing an infected file the virus hooks INT 13h and INT 21h and writes itself to the end of files that are executed or closed. When a program terminates, the virus also searches for COM and EXE files in the current directory and infects them. When an infected file is opened, the virus disinfects it (stealth). The virus does not infect several utilities and anti-virus programs: *SC??, *PR??, *MA??, *MS??, *TB??, *AV?? (SCAN, F-PROT, COMMAND, TBAV, etc.). When the CHKDSK or MEM utilities are executed, the virus patches the memory allocation blocks to hide its TSR copy. When the anti-virus programs MKS_DEMO, MKS_VIR or F-PROT are executed, the virus adds new options to the command line (/NOMEM or /M) and turns off anti-virus memory scanning. When Windows is started, the virus adds a parameter to the command line to disable 32-bit disk access. When PKZIP, ARJ or RAR are executed, the virus temporarily disables its stealth routines. The virus attempts to infect the MBR of the hard drive when any program is terminated. To read/write the MBR sector the virus uses direct reading/writing to hardware ports. Using INT 13h, the virus then runs a stealth routine that cancels reading/writing of the infected MBR.