Virus Database

Nautilus family

Description Nautilus family

These are nonmemory resident encrypted parasitic viruses. They search for .COM files, then write themselves to the end of the file.
Nautilus.1712
It is not dangerous virus. It infects files in current directory only. On 1st of any month it displays the message:
Prospero Virus
(C) Opic [CodeBreakers '98]

and then prints the text:
******************PROSPERO!**************************
There is a path to the trancendece of the dollar: Embark
rich beggars! Does magic bring prosperos to his knees?
Reading pretty twilight, making grass uncertain?
Oh,all that christmas snow shouldered by one birthday suit!
The fate of the world under his armpit like a thermometer?
Rejoice Villains! Your time has come.
**************(C) Opic [CodeBreakers,98]*******************

Nautilus.1824
It is not a dangerous polymorphic virus. It searches for files in current directory, then jumps to parent directories, then to DOS, then to WINDOWS, then to WINDOWSCOMMAND directories and infects up to seven .COM files in there.
On November 6 the virus also searches for *.TXT files and writes the text to the end of them:
The year 1866 was made notable by a series of bizarre
events, a chain of mysterious phenomena which have never
been explained, that I am sure no one has forgotten.

Starting from 23:00 the virus displays the message before return to the host program:
Thus ends the voyage under the seas.

The virus also contains the text strings:
*.com *.txt dos windows command ..
[Nautilus]
Sea4, Codebreakers

Check other viruses! Be aware! Use Antiviral Software

SH.2062

Description SH.2062

It is a very dangerous memory resident parasitic virus. It hooks INT 8, 9, 13h, 21h and writes itself to the end of COM and EXE files that are executed.
While infecting a file the virus gets the system date, adds random value (0-15 days) to this date and saves the result as a trigger date. On trigger date the virus runs its effects: manifests itself by some video effect, beeps on INT 21h calls, depending on its random counter disables writing to disks via INT 13h (that may corrupt the data on disks), changes the keyboard flags and the data in keyboard buffer.
The virus contains the ID-string:
SH

Shadow Family

Description Shadow Family

These are very dangerous memory resident parasitic encrypted viruses. They hook INT 21h and write themselves to the end of COM and EXE files that are executed or loaded as overlays. "Shadow.1702" also intercepts FindFirst/Next DOS call (DIR command), and infects the files that are listed.
The viruses (except "Shadow.1702") have an error in the infection routine, and as a result the infected COM files are not recoverable. These viruses also overwrite the '*BBS*.*' files, "Shadow.1702" writes a trojan program to there, that program "clears" the screen by using VGA tricks and halts PC.
The viruses contain the text strings:
"Shadow.1185,1200": [Shadow] NecroSoft Enterprises-a division of BCA
Greets to SKISM
"Shadow.1702": [Shadow-B/2] NecroSoft Enterprises - a division of BCA
Greets to SKISM

Home