Marzia.2048.WW.f
Description Marzia.2048.WW.f
This is a dangerous memory resident multipartite stealth virus. On execution of infected file it infects MBR of hard drive. Then it hooks INT 13h, 21h. On loading from infected sector it hooks INT 13h, waits for DOS loading and hooks INT 21h. On accessing to infected MBR (virus checks it by using INT 13h hooking) it substitutes it by not infected one. By hooking INT 21h the virus intercepts the files for infection.
On installation it traces INT 13h and hooks INT 1Ch. It writes itself at the end of COM and EXE files are executed or closed. On opening of the infected file this virus cures it.
Depending on current date the virus erases the hard drive sectors or call INT 24h.
It contains the internal text strings also:
SZ VIRUS
WW35V
Check other viruses! Be aware! Use Antiviral Software
Macro.Excel.Legend
Description Macro.Excel.Legend
This is an Excel macro virus. It contains one module (macro) named Legend containing two routines - Auto_Open and Infect. While opening an infected document Excel runs this Auto_Open routine. That routine then sets routine Infect as a SheetActivate handler, i.e. on activation of any sheet Excel will call the Infect routine.
When executed Infect routine infects either PERSONAL.XLS file, or current book (file), depending on the situation - if already infected file is opened, the virus infects PERSONAL.XLS. When not infected file is opened, the virus infects it.
After infecting the virus deletes the Tools/Macro menu item. If UserName is "Pyro" and OrganizationName is "VBB", the virus does not perform any action. Depending on the system date and system random counter the virus displays the message box:
Pyro [VBB]
You've Been Infected By Legend!
Macro.Excel.Lord
Description Macro.Excel.Lord
This virus infects Excel sheets (XLS files). It contains six macros: Auto_Open, cek_global, infectglobal, inFuckIt, Fuck, Auto_Close.
While loading an infected sheet, Excel executes the auto macros auto_open, and the virus takes control. The virus auto_open macro contains a command, which defines the Fuck macro as a handler of OnSheetActivate routine. As a result the virus hooks the sheet activate routine, and while opening a sheet the virus takes control.
When the auto_open macro takes control it searches for LORD.XLM files in the Excel Startup directory. If the infected macro is an active Workbook and the LORD.XLM file does not exist in the Excel Startup directory when the virus is executed for the first time, the virus creates this file and saves its code to it by using the SaveAs command. When Excel loads its modules the next time it automatically loads all XLS files from the Startup directory. The infected LORD.XLM is loaded as well as other files, and the virus takes control and hooks the sheet activation routine.
The virus contains the comments:
------------------------------------------------
Generated with NEG !!. Please include this text
------------------------------------------------
NEG is Trademark of NoMercy
http://www.focus-asia.com/home/NoMercyVirusTeam/Neg.html
VirusName: Lord
Author: Foxz with NEG
Module Name: Lord
Template: LORD.XLM
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Kyoto Japan
Köpa Hemsida
Thailand
SÄvsjÖ VeterinÄrklinik Ab
Jo BrandtjÄnst
|