Virus Database

Osiris.299

Description Osiris.299

It is not a dangerous nonmemory resident parasitic virus. It searches for .COM files and writes itself to the beginning of the file. On September 30th it decrypts and displays the message:
Osiris Presents " The Trish Virus " Luv and Hugs OSiRiS

Check other viruses! Be aware! Use Antiviral Software

Melissa.bg (a.k.a. "Resume worm")

Description Melissa.bg (a.k.a. "Resume worm")

This is one more variant of the "Melissa" virus with a very dangerous payload routine and an unlimited (by number of recipients) mailing routine. The virus only sends infected messages by using MS Outlook and does not infect any other files on the computer, so it can be classified as an Internet Worm.
The virus arrives as an e-mail message with an attached Word document.
The message Subject looks like follows:
Resume - Janet Simons
The message Body is:
To: Director of Sales/Marketing,
Attached is my resume with a list of references contained within. Please feel free to call or email me if you have any further questions regarding my experience. I am looking forward to hearing from you.
Sincerely,
Janet Simons.
The attached document contains two macros that are activated upon document opening and closing (Document_Open, Document_Close). Upon opening an infected document, the virus connects to MS Outlook, gets access to the address book and sends infected messages to all addresses listed there. The virus creates a "personal" message to each address, so it sends as many messages as there are addresses in the Outlook address book.
Upon document closing, the virus saves its document with the EXPLORER.DOC name in the Windows startup folder:
C:WINDOWSStart MenuProgramsStartUpExplorer.doc
As a result, this virus copy will be activated upon each Windows start-up. The name of that file is "hardcoded" in the virus body, so this feature is successful only when Windows is installed in exactly that directory.
The virus also creates the C:DATA directory and stores its copy in there with the NORMAL.DOC name:
C:DataNormal.dot
The virus then runs its payload routine. It erases all files in root directories on all drives from C: to Z:, as well as in directories:
C:My Documents*.*
C:WINDOWS*.*
C:WINDOWSSYSTEM*.*
C:WINNT*.*
C:WINNTSYSTEM32*.*
The virus code also contains the text strings:

'----------------------------------------------------------'
' Better You Than Me Buddyall '
' ... Hope You Like My vIrUs '
' :) '
' :( '
'----------------------------------------------------------'

MemEater

Description MemEater

It is not a dangerous memory resident boot virus. It hooks INT 13h and writes itself to the boot sectors of floppy disks that are accessed.
While infecting the floppy disk the virus stores in its code the current day and month. While loading from that disk the virus decreases the size of the system memory by 1K, if the system is loading from the floppy disk that has been infected on the same day. In another case the virus decreases the system memory by 2K, and stores new date and month, then by 3K, 4K, e.t.c.
As the result, each day the virus "eats" more system memory, than the day before.

Home