Virus Database


Mendoza.3380

Description Mendoza.3380

It is a very dangerous memory-resident parasitic polymorphic virus. It hooks INT 20h, 21h, 23h and 27h and writes itself to the end of COM and EXE files that are executed or opened.
When executed, the virus decrypts itself, infects the DOSKEYB.COM file (if it exists) and executes the host file. By hooking the interrupts listed above, the virus intercepts the termination of the host file and stays memory resident.
While executing a file, the virus checks the file name and does not infect the following files:
COMMAND.COM PCVIR.EXE CLEAN.EXE POWER.EXE SHARE.EXE LOADHI.COM EMM386.EXE SETVER.EXE

The virus also checks the code of the file and does not infect files that are packed by the PKLITE compression utility. When the infection is complete, the virus searches for the PKLITE.EXE file by using the "PATH=" string in the environment area, and executes it to force PKLITE.EXE to compress the file that has just been infected. As a result, infected files may remain uncompressed if the PKLITE utility is not present, or may be compressed by PKLITE, in which case the infected file may be shorter than it was before infection. While PKLITE is compressing a file, the virus disables output to the screen to hide the PKLITE activity.
The virus deletes the files CHKLIST.MS and SMARTCHK.CPS. Depending on the system date and time, the virus erases disk sectors, reboots the computer, displays the message:
(c) Mendoza's 1995

Check other viruses! Be aware! Use Antiviral Software

SeeYou family

Description SeeYou family

These are very dangerous memory-resident, partly encrypted stealth boot viruses. They infect the boot sector of the C: drive as well as the boot sector of floppy disks. While loading from an infected disk, they reserve a block of memory by decreasing the size of DOS memory (the word at address 0000:0413), copy themselves to that block, hook INT 13h, wait for the DOS loading process and hook INT 21h. On the first execution of a DOS program (usually COMMAND.COM), they allocate a block of DOS memory, copy themselves there and restore the original size of DOS memory. As a result, they hide themselves between the DOS kernel and the resident copy of COMMAND.COM.
Depending on the system date, they erase disk sectors and display one of the messages:
See you later all
Happy birthday, Populizer !

Segal.552

Description Segal.552

It is a harmless memory-resident parasitic virus. It hooks INT 21h and writes itself to the end of EXE files that are executed. The virus does not manifest itself in any way. It contains the text:
-SEGAL(c)MM

    Copyright © 2005 Virus-Database.com