Virus Database

Peach.887

Description Peach.887

It is not a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files. It writes 13h bytes of Jmp-Virus routine to the beginning of COM files.
The virus deletes the CHKLIST.CPS file, and sometimes writes to the BIOS data area at the address 0040:00FC the string:
Roy CuatroNo 2 Peach GardenMeyer Rd. Spore 1543

Check other viruses! Be aware! Use Antiviral Software

Mel.1536

Description Mel.1536

It is not a dangerous nonmemory resident parasitic virus. It searches for EXE files of the current directory and writes itself to the end of the file. Depending on the system timer the virus displays the messages:
All in All, You are just another BRICK in the WALL (MEL)
Hey dla:AS,JS,ZN,AD,BC,PC&PW,MS,HL,JZ,GR,DB i M.P.(ZZZ,but right) !! SIE MA
!!
all All very clear in the theatre tonight ...
Wirus calkowicie nieszkodliwy, jak jestes enough dobry to napisz
szczepionke
MKSa to sobie daruj,bo tu jest do niczego. Pracuj dalej na luzie
!!!!!!!!!!!
MEL Power Virus SystemDunderfunkFortranKiller1.0

Melissa.bg (a.k.a. "Resume worm")

Description Melissa.bg (a.k.a. "Resume worm")

This is one more variant of the "Melissa" virus with a very dangerous payload routine and an unlimited (by number of recipients) mailing routine. The virus only sends infected messages by using MS Outlook and does not infect any other files on the computer, so it can be classified as an Internet Worm.
The virus arrives as an e-mail message with an attached Word document.
The message Subject looks like follows:
Resume - Janet Simons
The message Body is:
To: Director of Sales/Marketing,
Attached is my resume with a list of references contained within. Please feel free to call or email me if you have any further questions regarding my experience. I am looking forward to hearing from you.
Sincerely,
Janet Simons.
The attached document contains two macros that are activated upon document opening and closing (Document_Open, Document_Close). Upon opening an infected document, the virus connects to MS Outlook, gets access to the address book and sends infected messages to all addresses listed there. The virus creates a "personal" message to each address, so it sends as many messages as there are addresses in the Outlook address book.
Upon document closing, the virus saves its document with the EXPLORER.DOC name in the Windows startup folder:
C:WINDOWSStart MenuProgramsStartUpExplorer.doc
As a result, this virus copy will be activated upon each Windows start-up. The name of that file is "hardcoded" in the virus body, so this feature is successful only when Windows is installed in exactly that directory.
The virus also creates the C:DATA directory and stores its copy in there with the NORMAL.DOC name:
C:DataNormal.dot
The virus then runs its payload routine. It erases all files in root directories on all drives from C: to Z:, as well as in directories:
C:My Documents*.*
C:WINDOWS*.*
C:WINDOWSSYSTEM*.*
C:WINNT*.*
C:WINNTSYSTEM32*.*
The virus code also contains the text strings:

'----------------------------------------------------------'
' Better You Than Me Buddyall '
' ... Hope You Like My vIrUs '
' :) '
' :( '
'----------------------------------------------------------'

Home