Virus Database

Backdoor.Afcore.q

Description Backdoor.Afcore.q
Afcore is a backdoor Trojan program that appears as a Windows application file (.dll file) with a size of about 110KB. The Trojan has numerous functions that give 'evildoers' almost full control of victim computers.
Infected message body text contains the following:
If you read this, then this program was probably stolen from our laboratory. Author of this software is not responsible for any harm that may be caused by incompetent or malicious persons who use this software possibly running on your machine. Therefore, please remove this software as soon as possible. Click the "Start" menu, select "Run", enter there: rundll32 ,Uninstall and click "OK"
Upon being launched (executed) the backdoor program installs itself into the supplemental file stream of the NTFS that is associated with the system32 catalog system.
The backdoor registers itself into the system registry auto run key:
HKLMSoftwareMicrosoftWindowsCurrentVersionRun (assigned name) =
rundll32 (path to the backdoor program),(options)

The file name is formed from a combination of arbitrary symbols.
The backdoor program has several options that it can use:
DebugBreakpoint
DebugInit
Init
InitService
SpawnedInit
Uninstall

To remotely uninstall itself from victim machines the backdoor uses the following command:
rundll32 ÄÉÓË:\%windir%system32:(name of the backdoor.dll file),Uninstall

When the uninstall command is sent, the afcore virus uninstalls itself from the system registry and remaining only in the file stream and is no longer managed by the start system. To remove the afcore backdoor program from the file stream it is necessary to use a special utility.

Check other viruses! Be aware! Use Antiviral Software

Macro.Word.Goldsec

Description Macro.Word.Goldsec

This is an encrypted Word macro virus. It contains three macros: AutoOpen, VisuaLand, FileSaveAs. The virus infects the global macros area (NORMAL.DOT) on opening an infected document (AutoOpen) and writes itself to documents that are saved with new name (FileSaveAs).
The virus contains lots of comments and text dialog box. When run, the virus displays the MessageBox:
The Full Powered by VisuLand Technology
----------------------------------------------------------------
Virus: VisuaLand.WinWord
Author: Milky Wahyudi Widjaya
VRating: Make First WordMacro.virii (Concept)
Compiler: WordMacro in ToolsMacro
(C) 1983-1994 Microsft Corporation
Copyright: (C) 1997 VisuaLand Technolgy
Utilities: VLWVG - VisuaLand Word Virus Generator 1.00
Created by Milky Wahyudi Widjaya (PresDir VL
Last Update: 01-01-1997
VL Office: Visualand Technology (VISUALAND-DOM)
Jl. H. Marzuki No.37, RT 06/03
Jakarta, 11530
Indonesia
Dedication: - McNamara (Concept was created by you???)
- Eko Sulistiono (MD)
- All VirMarker in the World
Thank's: God
-----------------------------------------------------------------

The virus adds the item "About VisuaLand Technology GoldSecretall" to the "Help" menu, on entering the virus displays:
About VisuaLand Technology...
OK, Concept was updated, please look VisuaLand.Winword. I hope
you easy study again, because VisuaLand is the best virii in 1997. If you
have have any comment, please email to me: visualand@visualand.com,
bye... VisuaLand Technology CyberWorld WebSite in
http://www.visualand.com Welcome to VisuaLand Technology GoldSecret
îisuaLand Technology is a member in Internet, about research && creator
irii. We are the first creator virii (Document MS-Word). Concept virii,
is the my research. Concept is not wild, but Concept only for tutorial,
how to create some virii in Microsoft Word. It's illegal to use baby...
Some people said that first WordMacro virus was created by McNamara,
but it's bullshit. Concept was created by Milky Wahyudi Widjaya (PresDir
of VisuaLand Technology). from Jakarta - Indonesia. It's my GoldSecret!
Milky Wahyudi Widjaya - VisuaLand

Macro.Word.GoodNight

Description Macro.Word.GoodNight

This macro virus contains 10 macros: AutoExec, AutoExit, AutoClose, FileClose, FileCloseAll, FileSave, FileSaveAs, FileOpen, AutoOpen, Exit. It infects the system on AutoOpen and FileOpen, it writes itself to documents on AutoExit, AutoClose, FileClose, FileCloseAll, FileSave, FileSaveAs, Exit. Depending on the system timer the virus forces Word to exit. It contains the text:
GoodNight Virus

Home