PresidentB.1504
Description PresidentB.1504
This is a very dangerous memory resident encrypted multipartite virus. When an infected file is executed, the virus decrypts itself, hooks INT 13h and 21h, and returns control to the host program. While loading from an infected floppy disk, the virus hooks INT 12h and 13h, and waits for the DOS loading process and hooks INT 21h.
The virus then writes itself to the end of COM and EXE files that are executed or loaded as overlays or for debugging. Upon accessing 1.4Mb-floppy disks, the virus infects their boot sectors.
On April 26th, the virus erases the MBR of the hard drive and displays the following message:
** President B ][ **
Check other viruses! Be aware! Use Antiviral Software
BAT.Batalia3
Description BAT.Batalia3
This is the harmless non-memory resident parasitic BAT virus. It searches for BAT files in the current directory, then infectes them. While infecting a file the virus run the ARJ archiver to pack necessary files. If there is no ARJ.EXE file in PATH, the virus fails to replicate itself.
The virus contains two parts of code and data. The first part (the header) contains DOS commands:
@echo off
rem YYY
arj x %0 -g""bÑpß >nul
ren p Int
call i
ren Int a.bat
echo on
@call a
@echo off
del i.bat
del a.bat
del BATalia3
The second part (the rest) is an ARJ archive. This archive contains the I.BAT file that is the main virus code and the additional files:
P, BATALIA3
The BATALIA3 file contains several additional batch commands. The P file contains original code of an infected BAT file.
Thus any infected file contains the text strings (DOS commands) and the binary data (ARJ archive).
When executed, the virus runs the ARJ archiver, extracts the I.BAT and runs it. This batch file then searches for not infected BAT files in the current directory and infects them.
While infecting, the virus saves an original BAT file to ARJ archive (file P) and overwrites it. As a result the length of a file infected by BAT.Batalia3 may be less than before infection.
BAT.Batalia4
Description BAT.Batalia4
This is the harmless non-memory resident parasitic BAT virus. It searches for BAT files in the current directory, then infectes them. While infecting a file the virus run the ARJ archiver to pack necessary files. If there is no ARJ.EXE file in PATH, the virus fails to replicate itself.
The virus contains two parts of code and data. The first part (the header) contains DOS commands:
@echo off
rem BAT4
arj x %0 >nul
call i
del sg
del i.bat
The second part (the rest) is an ARJ archive. This archive contains the I.BAT file that is the main virus code and the additional file named SG. The SG file contains several additional batch commands.
Thus any infected file contains the text strings (DOS commands) and the binary data (ARJ archive).
When executed, the virus runs the ARJ archiver, extracts the I.BAT and runs it. This batch file then searches for not infected BAT files in the current directory and infects them.
While infecting, the BAT.Batalia4 virus appends its code to the end of files and does not modify the original file contents.
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Berga Teknikcentrum Ek. FÖr.
Robert Sellings StÄd
Everos Bygg & TrÄdgÅrd
Olofsson, Carina
Ocab I HÄlsingland Aktiebolag
|