Virus Database

PHP.Pirus

Description PHP.Pirus

This is the first known virus infecting PHP script programs (Hypertext Preprocessor scripting language, see http://www.php.net for more details). It was discovered in October 2000.
When the virus is activated, it looks for all .PHP and .HTM files in current directory and infects them. The infection is done in quite silly way. The virus does not write its complete code to the file, but just a reference to the virus file: the virus adds one command to the end of the file, and that is "include virus file" command that refers to virus code.
When an affected file is opened, the PHP scripting machine processes that "include" command as well, gets (reads) complete virus code from virus file and activates it.
As a result, the virus copy presents on the computer in just one instance. All infected files just refers to that copy. Because of that infection way the virus cannot spread from a computer to other computers, but is able to operate inside one computer only.
The virus contains the text "pirus.php".

Check other viruses! Be aware! Use Antiviral Software

Leonard.1179

Description Leonard.1179

These are harmless memory resident encrypted parasitic viruses. They hook INT 21h and write themselves to the end of COM and EXE files that are accessed. While infecting a file the viruses temporarily rename it to TMP01431.$$$. The viruses do not manifest themselves in any way. They contain the text:
(c) Leonard. Constanta, Romania.

Leonardo.2085

Description Leonardo.2085

It is a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed. The virus deletes the anti-virus databases: ANTI-VIR.DAT, FINGERP.VVF, FILES.VVL, CHKLIST.MS, *.CRC. Depending on the system time the virus displays the message:
This is Leonardo - another virus Ninja Turtle
Press any keyall.

The virus also contains the text:
Origin :Slovakia (not Hungaria or Austria)

Home