Virus Database


RavenSys.1324

Description RavenSys.1324

This is a memory-resident parasitic virus that is not dangerous. It appends itself to the end of SYS files (device drivers). The virus header contains the text "RAVEN00X". The virus hooks INT 21h, intercepts the DOS Exec call (4Bh) and, whenever a program is executed, searches for SYS files and infects them.
When an infected driver is loaded into memory, the virus hooks INT 21h and stays memory resident. It does this in one of two ways, depending on system conditions. In the first, the virus leaves its TSR copy at the address where it was loaded, waits for the DOS ChangeMemory call (AH=4Ah), allocates a new block of memory and copies itself there. In the second, the virus writes its code to unused sectors on the first track of the hard drive and copies its 90-byte "loader" code into the Interrupt Vector Table. Then, as in the first case, it waits for the DOS ChangeMemory call, allocates a block of memory, and reads its code from the hard drive into that block.
While installing itself memory resident, the virus displays the message:
+-+---·-· · · Raven Sys Infector 1.0 · · ·----+-+
+-+-----------------------------------------------------------------+-+
+-¦-+ Created By Stone Shadow +-:-¦
+-:-+ Copyright (c) 1995 - 96 By COEAC Viral System Development. +-¦-¦
+-+-----------------------------------------------------------------+-+
+-+--- ·· · · Creatures Of Electronic Anti Christ · · ·· ---+-+


Macro.Word.Boogie

Description Macro.Word.Boogie

This macro virus contains four macros:
Documents    NORMAL.DOT
vExit        FileExit
vFSav        FileSaveAs
vMacro       ToolsMacro
AutoOpen     Boogie

The virus infects the global macro area when an infected document is opened (AutoOpen). It writes itself to documents that are saved under a new name (FileSaveAs). The virus disables the Tools/Macro menu (stealth).
The virus contains the comments:
***********************************************
* Boogie v4.0beta (c) DNazi [SGWW] Kiev 1996. *
* Dedicated to Mike Naumenko. *
***********************************************

Macro.Word.Boom

Description Macro.Word.Boom

This virus is encrypted and contains four macros: AutoOpen, DateiSpeichernUnter, System, AutoExec. It infects the system when an infected file is opened (AutoOpen) and infects documents that are saved with FileSaveAs (DateiSpeichernUnter).
On MS Word startup (AutoExec) the virus schedules the System macro to trigger at 13:13:13. At that time MS Word calls the macro and the virus runs its trigger routine. It renames the menus:
Datei Bearbeiten Ansicht Einfügen Format Extras Tabelle Fenster

to
Mr. Boombastic and Sir WIXALOT are watching you ! !

The virus then prints the string:
Mr. Boombastic and Sir WIXALOT : Don`t Panik,
all things are removeable !!! Thanks VIRUSEX !!!

then creates a new template and writes the following text to it:
Greetings from Mr. Boombastic and Sir WIXALOT !!!
Oskar L., wir kriegen dich !!!
Dies ist eine Initiative des Institutes zur Vermeidung und Verbreitung von
Peinlichkeiten, durch in der Öffentlichkeit stehende Personen, unter der
Schirmherrschaft von Rudi S. !

The virus also contains the strings:
Mr. Boombastic and Sir WIXALOT !!!

    Copyright © 2005 Virus-Database.com