Virus Database

Backdoor.Afcore.q

Description Backdoor.Afcore.q
Afcore is a backdoor Trojan program that appears as a Windows application file (.dll file) with a size of about 110KB. The Trojan has numerous functions that give 'evildoers' almost full control of victim computers.
Infected message body text contains the following:
If you read this, then this program was probably stolen from our laboratory. Author of this software is not responsible for any harm that may be caused by incompetent or malicious persons who use this software possibly running on your machine. Therefore, please remove this software as soon as possible. Click the "Start" menu, select "Run", enter there: rundll32 ,Uninstall and click "OK"
Upon being launched (executed) the backdoor program installs itself into the supplemental file stream of the NTFS that is associated with the system32 catalog system.
The backdoor registers itself into the system registry auto run key:
HKLMSoftwareMicrosoftWindowsCurrentVersionRun (assigned name) =
rundll32 (path to the backdoor program),(options)

The file name is formed from a combination of arbitrary symbols.
The backdoor program has several options that it can use:
DebugBreakpoint
DebugInit
Init
InitService
SpawnedInit
Uninstall

To remotely uninstall itself from victim machines the backdoor uses the following command:
rundll32 ÄÉÓË:\%windir%system32:(name of the backdoor.dll file),Uninstall

When the uninstall command is sent, the afcore virus uninstalls itself from the system registry and remaining only in the file stream and is no longer managed by the start system. To remove the afcore backdoor program from the file stream it is necessary to use a special utility.

Check other viruses! Be aware! Use Antiviral Software

Skater.664

Description Skater.664

These are memory resident not dangerous parasitic polymorphic viruses. They hook INT 10h, 21h and write themselves to the end of COM files that are executed or opened. Sometimes they display the message:
I love Tonya Harding, The best womens Figure Skater in history.
Now Tonya, Do that triple axle and kick Kristi Yamaguchi's arse
- Australian Parasite -

"Skater.664" is a harmless virus, it hooks only INT 21h and does not manifests itself.

Skew.441

Description Skew.441

These are memory resident viruses. They copy themselves into Interrupt Vectors Table and hooks INT 21h. They write themselves to the end of the executable files.
Skew.441,445,469
These are not dangerous EXE viruses. They write to video ports some data, and as a result the screen is shifted (EGA monitor) or shaked (CGA and VGA monitor).
Skew.458
It is a dangerous memory resident COM virus. It also hooks INT 1Ch and sometimes corrupts the files or erases the disk sectors.

Home