Virus Database


Nutmeg.4096

Description Nutmeg.4096

It is a harmless memory resident multipartite virus. It infects EXE files and the MBR of the hard drive. The most interesting feature of this virus is that it is mostly written in Pascal (a high-level language), except for the virus loader code that is executed when booting from an infected disk. The main virus code is also compressed with the LzExe utility: the resulting virus is just 4Kb in length, but the unpacked EXE virus image is about 10Kb.
When an infected file is executed, the virus drops its code to the hard drive: it saves a loading program to the MBR of the hard drive and the complete virus body to the disk sectors that follow. The virus then temporarily disinfects and executes the host file, hooks INT 28h and stays memory resident. On each INT 28h call (DOS idle) the virus gets the active program name and infects it. While infecting, the virus shifts the file down by 4096 bytes and writes its code to the top of the file.
On loading from an infected MBR the virus hooks INT 1Ch (timer), waits for DOS to load, then hooks INT 21h and releases INT 1Ch. When the first program is executed, the virus creates a randomly named file on the C: disk, writes the 4Kb of complete virus code (compressed EXE file) to it and adds a reference to this file to the end of the C:AUTOEXEC.BAT file. When this virus dropper is executed from AUTOEXEC.BAT as DOS continues loading, the virus runs as if it were executed from an infected EXE file (installs itself memory resident, etc.), but also removes the reference from AUTOEXEC.BAT and deletes its host file.
The virus contains the text strings:
AUTOEXEC.BAT
[NUTMEG2] by Vecna/29A
This virus was written in Brasil, in 1998
QUEREMOS ROMARIO DE VOLTA NA SELECAO, ZAGALLO BURRO


Swalker.1266

Description Swalker.1266

It is a memory resident parasitic virus that is not dangerous. It hooks INT 1Ch and INT 21h and writes itself to the end of .COM files that are executed or opened. Sometimes it changes the keyboard flags. It contains the text string:
Sleepwalker. (c) OPTUS 1993.

Swapper family

Description Swapper family

This is a dangerous non-memory-resident polymorphic virus. It searches for COM files, then writes itself to the end of the file. The virus has a bug and can corrupt files while infecting them. Such files halt the system when infected. The virus contains the text string:
Swapper


    Copyright © 2005 Virus-Database.com