Virus Database


NYB

Description NYB

This text was written by Mikko Hypponen, DataFellows ltd.
The NYB virus is very common all over the world. It is a reasonably simple diskette and Master Boot Record infector. It is only able to infect a hard disk when you try to boot the machine from an infected diskette. At that point the virus infects the Master Boot Record, and after that it goes resident in high DOS memory during every boot-up from the hard disk.
Once NYB is resident in memory, it will infect practically all non-write-protected diskettes used in the machine. NYB allocates 1 kB of DOS base memory. NYB is a stealth virus, so the changes made to the MBR are not visible as long as the virus is resident.
Every time a floppy disk is accessed, there is a 1/512 chance that the virus activates. The virus then sends the floppy drive head repeatedly from track 0, sector 0 to track 255, sector 62. On standard floppy drives, such areas do not exist.
On some floppy drives there is no validity checking on these values, so the floppy head might hit the stopper again and again. This might cause some physical damage to the floppy drive, but only if the routine is allowed to continue for some time. We have yet to see an actual case where this has caused real damage to a floppy drive.
There is also another activation routine, which went unnoticed by virus researchers for a long time. The virus will crash the machine if the hard disk is written to when the hour and minute fields of the system clock are zero (i.e. right after midnight). Thanks to Paul Talbot (ptww@aol.com) for pointing this out.
The virus will also seriously corrupt some diskettes while infecting them.
Original NYB has no text strings. "NYB.d" contains the text string:
SVK by RAVEN


Reboot.715

Description Reboot.715

This is a dangerous non-memory-resident parasitic virus. It searches for .COM files in the subdirectory tree, appends itself to the end of each file, and writes the jump-to-virus instructions (MOV AX,FFF0h; JMP Loc_Virus) to the beginning of the file. Depending on the system time, the virus reboots the computer.
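The header pattern described above can be turned into a simple scanner heuristic. The following is an added example, not code from the original page or from any antivirus product: it checks whether a .COM image starts with MOV AX,FFF0h followed by a JMP that lands in the tail of the file. It assumes the JMP is a near jump (opcode E9) and that the ".715" suffix is the length of the appended body; the sample images are constructed filler, not real files.

```python
import struct

# Standard 8086 encodings: MOV AX,imm16 = B8 lo hi; JMP rel16 = E9 lo hi.
MOV_AX_FFF0 = bytes([0xB8, 0xF0, 0xFF])
JMP_NEAR = 0xE9
HEADER_LEN = 6          # 3-byte MOV followed by 3-byte near JMP
ASSUMED_BODY_LEN = 715  # assumption: the ".715" suffix is the appended length


def check_com_image(data: bytes) -> dict:
    """Test a .COM image for the described header and a jump into the file tail."""
    result = {"header_match": False, "jump_target": None, "target_in_tail": False}
    if not HEADER_LEN <= len(data) <= 0xFFFF:
        return result
    if data[:3] != MOV_AX_FFF0 or data[3] != JMP_NEAR:
        return result
    result["header_match"] = True
    (rel16,) = struct.unpack_from("<h", data, 4)
    # rel16 counts from the byte after the JMP. A .COM loads at a fixed 0x100,
    # so the same arithmetic works on file offsets, wrapped to 16 bits.
    target = (HEADER_LEN + rel16) & 0xFFFF
    result["jump_target"] = target
    tail_start = len(data) - ASSUMED_BODY_LEN
    result["target_in_tail"] = (
        tail_start >= HEADER_LEN and tail_start <= target < len(data)
    )
    return result


def make_sample(host_len: int, tail_len: int, rel16: int) -> bytes:
    """Constructed test image: header, NOP filler as host, zero filler as tail."""
    header = MOV_AX_FFF0 + bytes([JMP_NEAR]) + struct.pack("<h", rel16)
    return header + b"\x90" * host_len + b"\x00" * tail_len


if __name__ == "__main__":
    samples = {
        "jump into last 715 bytes": make_sample(1000, 715, 1000),
        "header only, jump stays in host": make_sample(1000, 715, 0),
        "ordinary program": b"\xB4\x09\xBA\x09\x01\xCD\x21\xC3" + b"\x00" * 32,
    }
    for name, image in samples.items():
        print(name, check_com_image(image))
```

A match on both fields is only a reason to examine the file further; a legitimate program could begin with the same two instructions.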

RedArc.327

Description RedArc.327

These are dangerous non-memory-resident, encrypted parasitic viruses. They search for COM files in the current directory, then write themselves to the end of each file. The viruses use anti-debugging and anti-detection tricks complex enough that they may halt the computer, and some of them may also corrupt files while infecting them.
Depending on the system timer, the "RedArc.623,665" viruses manifest themselves with a video effect. The viruses contain the following text strings:
"RedArc.390,415,600": RedArc // [TAVC]
"RedArc.623": -=* Red Arc *=-
"RedArc.1000":
DemoFraud by RedArc // [TAVC]
SGWW, DVC, FotD, SOS group, TAVC, CiD

    Copyright © 2005 Virus-Database.com