Pelf.2132
Description Pelf.2132
(aka Lindose)
This is a harmless non-memory resident parasitic multipartite virus. It infects Windows executable files as well as Linux ones (Windows PE files and Linux ELF files).
The virus is written in Assembler, and is about 2.5 Kb in size. It does not manifest itself in any way, and it is like a multiplatform Windows-Linux virus concept.
The virus contains the text strings:
[Win32/Linux.Winux] multi-platform virus by Benny/29A
This GNU program is covered by GPL.
To infect executable files of both systems, and to spread under both these system, the virus routines are separated into two blocks: the former block is activated under Windows, it then looks for Windows and Linux executable files and infects them; the latter block is activated under Linux, looking for executables files and infecting them as well.
The Windows part
It searches for the all files in the current and upper directory, and infects PE files and Linux ELF files (it checks the file type by file format). It infects both types, and has two subroutines for each (Windows version).
The Linux part
This part searches for the all files in the current directory, and infects PE files and Linux ELF files (it checks the file type by file format). It infects both types, and has two subroutines for each type (Linux version).
Infecting Windows PE files
The virus scans for the ".reloc" section. If this section is found, the virus writes itself to the middle of the file. It saves the original Entry Point address, and restores the PE file after it has finished its work.
Infecting Linux ELF files
The virus writes itself to the Entry Point of the file. It saves original data at the end, and saves code from Entry Point and restores the ELF file after finishing its work.
Check other viruses! Be aware! Use Antiviral Software
Datalock.920
Description Datalock.920
This is a memory-resident dangerous virus that infects COM- and EXE-files as they are started. Since August 1990 it blocks opening of .DBF-files. The virus contains the text "DataLock version 1.00" and hooks INT 21h.
Davis
Description Davis
It's a not dangerous memory resident encrypted parasitic virus. It hooks INT 21h and INT 8 (timer). It infects EXE-files only on their execution. Sometimes it beeps several times and types the message:
+--------------------------------------+
¦ DAVIS VIRUS V1.01¦
+--------------------------------------¦
¦ Author : Davis ¦
¦ Date : JUNE/23/1990 ¦
¦ ¦
¦ VIRUS STATION COPY RIGHT (C) ¦
+--------------------------------------+
""" Hi ! How are you today ? Don't worry about ! """
""" DAVIS VIRUS will follow you forever and ever ! """
""" Don't care me! I really do not damage your disk or data. """
""" Butall.......................make Funny to you sometime. """
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
India Canada Calling
Cyprus Property For Sale
Payday Loan Online
Top-designer Carports
Palau Phone Cards
|