Nephew.2906
Description Nephew.2906
These are dangerous memory resident encrypted parasitic viruses. They hook INT 21h and write themselves to the end of COM and EXE files that are executed. The viruses delete the anti-virus data files: CHKLIST.MS, CHKLIST.CPS, ANTI-VIR.DAT, CHKLST.TAV, SMARTCHK.TAV. The viruses do not infect the files: HIEW, SAFE, SOS e.t.c. according to strings (four letters per name):
HIEWSAFESOS./WD.WARNCPAV
ADINANTIAIDSVIRUVIR.SCANRWEBLD.EGUARCLEA
The viruses also attempt to overwrite files from the second string (ANTI, AIDS, VIRU, VIR., SCAN, e.t.c.), but fail to do that because of a bug. They attempts to overwrite these files with a program that displays the message:
+--------------------------------------------------------------------+
| U N R E G I S T E R E D P R O G R A M ! |
+--------------------------------------------------------------------+
This version is NOT freeware, you MUST register it!
Call (+7-095)135-6253, 137-0150
The viruses scan DOS kernel, look for the DSKREET driver and patch its code with a call to virus routine. In this patch the virus sets some flags and depending on them writes some data to last disk directory sectors. It writes by using old style calls only and is able to do that only with disks with 32M or less disk space. The virus also uses
The virus also contains the text string:
(=) Big Nephew (=)
Check other viruses! Be aware! Use Antiviral Software
Piz.2025
Description Piz.2025
It is a dangerous memory resident parasitic encrypted virus. It hooks INT 1Ch, 21h, and writes itself to the end of COM and EXE files that are accessed. Under debugger the virus erases the CMOS. Sometimes it displays the message:
+---++ + +-+ ++ +--+ + +
| || ++ -++ ++| +-- | |
+ ++--+++---+++-+++---++---++
npuxogum He3aMemHo all. >-E
Pizelun.3599
Description Pizelun.3599
It is not a dangerous memory resident parasitic encrypted virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are accessed. On DOS calls GetDir it searches for the files and infects them. On May, 1995 it hooks INT 8, 10h, 15h also and manifests itself in different ways: blinks with Num/Caps/ScrollLock indicators, changes the video palette, lower-cases the strings are displayed, intercepts Alt-Ctrl-Del and halts the system with video and sound noise, displays the message:
PIZELUN attivato, attivatissimo!
Premere un tasto per continuare . . .
It also contains the text string:
Alüra? ALF
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Cash Advance
Ctx
Domänregistrering
Catsuit
Jeux De Naruto
|