Virus Database

Raiden.1433

Description Raiden.1433

It is not a dangerous memory resident multipartite virus. When an infected file is executed, the virus infects the MBR of the hard drive. While loading from infected MBR the virus hooks INT 13h, 1Ch, 4Fh, waits for DOS loading process and hooks INT 21h. By hooking INT 21h the virus intercepts EXE files execution and opening, and writes itself to the end of the file. By hooking INT 13h the virus intercepts accessing to infected MBR and calls stealth routine.
In some cases (depending on the command line) the virus disinfects the host file. On INT 4Fh AX=666h calls the virus displays the message:
+---------------------------------------+
¦ MBR VIRUS V.01 NECROSOFT CORPORATION ¦
¦ WRITEN BY RAIDEN COPYRIGHT (C) 1996 ¦
+---------------------------------------+

Check other viruses! Be aware! Use Antiviral Software

Mururoa.2529

Description Mururoa.2529

This is a relatively harmless, memory resident encrypted parasitic stealth virus. It hooks INT 21h, and writes itself to the end of COM and EXE files that are executed or closed. When an infected file is opened, the virus disinfects it. The virus doesn't infect several anti-virus utilities (see the string below).
On the 4th of any month, it displays the following message:
+-------------------------------------------------+
| I have one mesage to all people on earth : |
| Stop all French nuclear testing in the PACIFIC |
| Dont forgot :Comon people dont like nuc. tests! |
| This is is a MURUROA 1.386 by Blesk |
| PLUTONIUM IS BETTER IN POWER-PLANT !!!! |
| My greet to VYVOJAR,SVL,METABOLIS and all IRC. |
+-------------------------------------------------+
The virus also contains the text string:
.exe .com avg fv386 turbo fv86 guard toolkit scan virlab vir asta vc sswap debug td stacker alik rex msav cpav nod clean f-pro tbav tbdriver tbclean tbscan avast nav vshie dizz command vsafe

Mururoa.3443

Description Mururoa.3443

This is a relatively harmless, memory resident encrypted parasitic stealth virus. It hooks INT 21h, and writes itself to the end of COM and EXE files that are executed or closed. When an infected file is opened, the virus disinfects it. The virus doesn't infect several anti-virus utilities (see the string below).
On May 4, 8, and 20, it displays the following message:
+-------------------------------------------------+
| I have one mesage to all people on earth : |
+-------------------------------------------------+
| All French nuc. test`s was STOPED. But MURUROA |
| IS DEAD !!!!! I am a coder of HELL FIRE and I |
| BRING YOU >>>>>> FIRE <<<<<< By Blesk/SVL |
|NOTE: Name of this virus is [MURUROA_END] |
| By Blesk from Slovak Virus Laboratories at .SK |
| Real name of BOZA is BIZATCH.. STUPID A-VERS !!!|
| PLUTONIUM IS BETTER IN POWER-PLANT !!!! |
| My greet to: VYVOJAR,SVL,VLAD,SKIMS,40-hex,IR |
+-------------------------------------------------+
| And to some my friends: DJ.Milan,DJ.Maros, |
| DJ.Babula(Baby),TINA-huhu,DURO,LACI,Duffy,Kaaa, |
| Stano alland more... A zdravim Mira Trnku 8)) |
+-------------------------------------------------+
The virus also contains the text string:
I am in LOVE now... ZUZANKA B.B. in Slovakia <:)<8<
I love PC Revue ....
For M.T.: Vivat Ziar nad Hronom.. 8)) Uz si rad ??
RADAR v PC Revue 9/94

Home