Virus Database

Parity.a

Description Parity.a

This is a dangerous memory-resident boot virus. It hooks INT 9, 13h and infects floppy boot sectors and hard drive MBR on reading from these sectors. By using INT 9 (keyboard) this virus hooks warm reboot (Alt-Ctrl-Del) and calls INT 19h (reboot). Sometimes this virus decrypts and types the message "PARITY CHECK" and then hangs up the computer.

Check other viruses! Be aware! Use Antiviral Software

Backdoor.Ruledor.c

Description Backdoor.Ruledor.c

This program is part of the backdoor family of malicious programs intended for remote administration.
The victim computer can be remotely controlled and caused to execute the commands described in the file http://sds.cl**ch.com/ie/control.dat. The program downloads this file when starting.
Backdoor.Ruledor.c can also download and install other programs unnoticed.
Some incidents have been detected where a wide range of AdWare and Trojans have been downloaded and installed.
Installation
The program creates the directory ClearSearch in the Program Files folder, copies itself to this directory under the name loader.exe and registers as an autorun key in the system registry:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Other
When the system is started, the program deletes all Browser Helper Objects (BHO) not installed by the program.

Backdoor.SdBot.gen

Description Backdoor.SdBot.gen

This is a family of backdoor malicious programs, which provide the user with remote control over victim machines. This is achieved by sending commands via IRC channels.
Installation
Depending upon the program version, the backdoor either copies itself either to the Windows System directory or to other directories located in the System directory. The program also registers a copy of itself in the system registry, which ensures that it will be executed when Windows is started:
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunServices]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
The registry value will vary according to which version of the backdoor has infected the machine.
Payload
Backdoor.SdBot connects to a range of IRC servers, then connects with a channel that is hard coded into its body. It is then ready to receive remote commands, such as downloading and executing remote files, acting as an IRC proxy server, joining IRC channels, sending messages via IRC, and sending UDP and ICMP packets to remote computers.

Home