Virus Database


MutaGen-based viruses

Description MutaGen-based viruses

MutaGen (MGen) is a polymorphic generator, like the MtE or TPE generators. It creates the decryption routine and encrypts the virus body; the virus then saves these parts of the code to the file on infection.
There are several different MutaGen versions; they contain the internal text strings:
"MutaGen.090": [MutaGen .90ß] MnemoniX
"MutaGen.095": [MutaGen .95ß] MnemoniX
"MutaGen.100": [MutaGen 1.00] MnemoniX
"MutaGen.110": [MutaGen 1.1]MnemoniX
"MutaGen.12": [MutaGen 1.2] MnemoniX
"MutaGen.20": [MutaGen 2.0] MnemoniX

MutaGen.Agent
These viruses are included in the distribution of the MUTAGEN generator. Some of them are not memory resident; others stay resident in memory and hook INT 21h. These viruses write themselves to the end of COM files. They contain one of the strings:
[MutaGenic Agent]
[MutaGenic Agent I]
[MutaGenic Agent II]
MutaGenic Agent ]I[

MutaGen.100.Garden
It's a dangerous non-memory-resident overwriting virus. It searches for three .COM and .EXE files in the current directory and overwrites them. It displays the messages:
Not enough memory.
I need 4K more to start myself!
FUCK PEARL JAM!!!!LONG LIVE TECHNO!!!!

It also contains the internal string:
[Garden]This is Garden V1.0.Very simple virus.New version will be better!!!

MutaGen.100.Secret
It's a dangerous non-memory-resident parasitic virus. It searches for COM files in the current directory and writes itself to their end. On the 11th of any month it corrupts COMMAND.COM, displays the following messages, and reboots the computer:
I AM GOING TO FUCK YOUR HARD DISK IF YOU DON'T TYPE THE RIGHT PASSWORD.
DON'T TURN OFF YOUR COMPUTER BECAUSE I ALREADY FUCKED YOUR HARD DISK
AND I WILL FIX IT ONLY IF YOU ENTER THE RIGHT PASSWORD!!!
PASSWORD IS:
FUCK YOU!!! HA HA HA HA!!!

It also contains the internal strings:
[Secret Garden] by Nipple
IN MY SECRET GARDENI'AM LOOKING FOR THE PERFECT FLOWER

MutaGen.110.CF.2055
It's a harmless memory-resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed or opened. It contains the internal text string:
[BW] [Cf-252] MnemoniX Californium-252

MutaGen.110.HiTek.2193
It's a harmless non-memory-resident parasitic virus. It searches for .COM and .EXE files and writes itself to their ends. It contains the internal string: "[BW ß] [Hi Tek] by MnemoniX".


Macro.Excel.Ultras.Freezer

Description Macro.Excel.Ultras.Freezer

This virus infects Excel worksheets. It contains one module "Sheet?" where '?' is '3' or '5' depending on the virus version. The "Sheet?" module contains auto-functions Auto_Open and Auto_Close. The virus module also contains the functions:
Joke
The virus infects the system and files upon opening and closing. It also creates an infected file in the Excel Startup directory, the file name is PERSONAL.XLS or PERSONAL.XLM depending on the virus version.
The viruses remove the Tools/Macro menu (stealth) and delete the files of anti-virus programs:
C:\Program Files\AntiViral Toolkit Pro\*.*
C:\Program Files\FindVirus\*.*
C:\f-macro\*.*
C:\Program Files\Command Software\F-PROT95\*.*
C:\Program Files\McAfee\VirusScan\*.*
C:\Program Files\Norton AntiVirus\*.*
The virus displays the following MessageBox on the 14th of any month:
ULTRAS
You Infected XM.Freezer by ULTRAS
and uses the DELTREE command to delete all files in the C:\PROGRA~1 directory. On the 28th of any month, it displays the MessageBox and deletes the files:
C:\WINDOWS\USER.DAT
C:\WINDOWS\USER.DA0

Macro.Excel.Yohimbe

Description Macro.Excel.Yohimbe

This is an Excel macro virus. The only module (macro) in this virus is named "Exec"; it contains three subroutines (Auto_Open, DipDing, PayLoad) and one function (SheetExists). The Auto_Open routine is an auto macro: Excel calls it on opening any file. On this call the virus infects PERSONAL.XLS. In case of any error, the virus infects all active books (files). Before returning, the Auto_Open macro sets the DipDing subroutine as a timer handler that is called starting from 4:00pm. This subroutine infects all opened books.
The virus writes the string "Yohimbe" to the sheet header. The virus also sets the PayLoad subroutine to be called starting from 4:45pm. This routine resizes the active sheet, draws a picture and inserts the text "FUCK YOU BUDDY" into the sheet.

    Copyright © 2005 Virus-Database.com