Virus Database

PowerPump

Description PowerPump

It is a nonmemory resident companion virus. Being executed it creates DOSPOWER.EXE files with its copy and then searches for .EXE files and creates companion .COM files. The virus writes into these .COM files the small program which executes POWER.EXE instead of original (infected) file. The virus (POWER.EXE file) searches for the files and infects them and then executes the host program. The versions of this virus contains the text strings:
Null pointer assignment
Divide error
Abnormal program termination
A:POWER.TST A:POWER.TST *.com
A: A: B: B: C: C:DOS C: POWER.EXE POWER.EXE
*.EXE power.exe POWER.EXE COM C:DOS POWER.EXE A:POWER.EXE
C:DOSPOWER.EXE EXE

and sometimes display:
"PowerPump": Power Pump v1.2 Virus - Silent But Dead.
"PowerPump.b": Power Pump v1.1 - A New Kind Of Virus
Power Pump v1.1 - The Choice Of A New Generation

Check other viruses! Be aware! Use Antiviral Software

Macro.Word.Stryx

Description Macro.Word.Stryx

This encrypted virus contains four macros:
NORMAL.DOT Infected files
DokumentSchließen DokumentSchließen
DateiSchließen DateiSchließen
Stryx1 StryxOne
Stryx2 StryxTwo

It infects the system on DokumentSchließen and DateiSchließen (FileClose and DocClose).
On December 1st the virus creates the FUNNY.COM DOS trojan and runs it. This trojan creates random named subdirectories on current disk. To drop that trojan the virus saves to FUNNY.SCR file hexadecimal dump and converts it to DOS executable by using DEBUG utility. To do that the virus creates and executes FUNNY.BAT file:
@echo off
debug < funny.scr > nul
@echo off
Funny.com

By using similar way the virus drops the DRACHE.GIF file with an image of a dragon. Then the virus creates new template, inserts this GIF into there and adds the strings:
STRYX!!!!
Look at your HD! :-)
Sorry, but it's so funny!
NJ 1996

Macro.Word.Sunbeam

Description Macro.Word.Sunbeam

This Word macro virus contains three macros: DocClose, SUNBEAM, FileOpen. The virus infects the global macros area (NORMAL.DOT) on closing an active window (DocClose) and writes itself to documents that are opened (FileOpen).
On October 5th the virus creates and executes the random named file (<3 letters of current document name>DIE.BAT) that contains the text:
echo 123>clock$

Home

Viruses from A to Z
0-9 A B Ñ D E F G H I J
K L M N O P Q R S T
U V W X Y Z

    Copyright © 2005 Virus-Database.com
© 2005 Virus-Database.com