Virus Database

MSU4.2000

Description MSU4.2000

It is a dangerous memory resident polymorphic parasitic virus. It hooks INT 21h and writes itself to the beginning of COM (except COMMAND.COM) and EXE files that are executed or opened. It has the bug and halts the system while infecting EXE files. On infecting the virus creates the temporary file DOC_MOC.MOC, writes the virus into there, appends the file, and rename the DOC_MOC.MOC file to the name of that file. The virus contains the text string:
MSU 4 113 P.D. 1994

Check other viruses! Be aware! Use Antiviral Software

Multiani

Description Multiani

This is a dangerous memory resident boot virus. It hooks INT 13h and writes itself to boot sectors of the floppy disks and to the first boot sector of the hard drive. While infecting a sector, the virus patches the code of the standard boot routine in the boot sector. The virus writes, to the beginning of that routine, the JMP instruction, and writes the virus loader (37h bytes) to the area of the system error messages at the offset 01A4h. Then the virus writes its main code to the last sector of the root directory.
While loading from such a sector, the standard boot routine is interrupted by the patched code; the virus loader receives the control, reads the main virus code, hooks INT 13h, and returns control to the standard boot routine.
This way of infection corrupts the code of the not-MS-DOS boot sectors, and the system halts while loading from the infected disk.
In December the virus displays the following message:
La multi ani !

The virus also contains the following text strings, the second string is encrypted:
SoSo3
! ina itlum aL

MultiLevel.3072

Description MultiLevel.3072

It is a very dangerous memory resident polymorphic and stealth parasitic virus. While executing an infected file the virus traces INT 21h to get its original address, hooks INT 22h (DOS function Terminate), releases the control and waits for termination of the host program. Then it hooks INT 21h and stays memory resident.
While accessing to the files the virus infects them. While reading, writing or opening an infected file the virus calls the stealth routine, and in some cases disinfects the file. While infecting a file the virus generates the polymorphic code that contains several decryption loops. The number of these loops depends on the system timer.
The virus checks the file name and does not infect the files:
*AIDS*.EXE *CHKD*.EXE *WEB*.EXE *SCAN*.EXE *PROT*.EXE *AR*.EXE *ZI*.EXE
*TB*.EXE *COMM*.COM *WIN*.COM

Depending on the system date (Sunday 2nd, Monday 4th, Tuesday 6th, Wednesday 8th, Thursday 10th, Saturday 12th) the virus erases the hard drive sectors and reboots the computer.
The virus contains the text strings:
Multilevel Encryptor v1.0. Generation:
-=Killer=-
8 in 1

Home