Virus Database


Rch.1138

Description Rch.1138

This is a benign memory resident polymorphic parasitic virus. It hooks INT 9, 21h and writes itself to the end of COM and EXE files that are executed or opened. On May 20th the virus inserts the following text into the keyboard buffer (i.e. simulates user input):
"Just a joke,Don't mind!"---Rch

Check other viruses! Be aware! Use Antiviral Software

IRC-Worm.Radex

Description IRC-Worm.Radex

This is a virus-worm that spreads via IRC channels. The worm itself is a batch-script file about 3 Kb in length.
The worm copies itself to the following batch files:
C:Windowswinstart.bat
C:WindowsLINUX_SH_DOS_BAT_WIN_JS.bat
C:Win95LINUX_SH_DOS_BAT_WIN_JS.bat
C:Win98LINUX_SH_DOS_BAT_WIN_JS.bat
C:WinMELINUX_SH_DOS_BAT_WIN_JS.bat

The batch file drops and executes the JS file LINUX_SH_DOS_BAT_WIN_JS.JS. This JS file displays a dialogue window with the following Title/Subject:
Radix16/SMF
SH-BAT-JS


After this, the worm creates and sends the new e-mail message to the following address:
Radix16@atlas.cz
The infected messages contain the following:
Subject: SHBATJS
Body: crazzy bat :) testing MS OTLOOK in the (WORLD)
Attach: LINUX_SH_DOS_BAT_WIN_JS.bat

The virus-worm also creates the file C:MIRCSCRIPT.INI. This INI file sends the batch file to the IRC channels.
Installing
While installing, the worm copies its JS component to the Windows directory with the name C:WINDOWSLINUX_SH_DOS_BAT_WIN_JS.JS, and registers this file in the WIN.INI run section.
The worm also contains the following text strings:
# /bin/sh
-=LINUX START=-
-=DOS/WIN START=-
ONLY SAMPLE (TEST) LINUX SH DOS BAT WIN JS all........
WoRlD iS mY

IRC-Worm.Readme.1077

Description IRC-Worm.Readme.1077

This is an IRC worm spreading through IRC channels and using the mIRC client for spreading. The worm appears on a computer as the README.EXE DOS program. When this file is executed by a user, the virus installs itself resident into DOS memory and infects DOS COM files (except COMMAND.COM) that are executed. The virus is encrypted in infected files, and its code is placed at the end of files.
The virus also creates its "dropper" README.EXE on the C: drive (this file has a "hidden" attribute) and "registers" it in the C:AUTOEXEC.BAT in the very first lines: they contain an instruction to execute virus the dropper upon each rebooting.
To spread through mIRC channels, the virus searches for the C:INTERNETMIRCdirectory and creates a SCRIPT.INI file there that contains just one command for sending the README.EXE dropper to anybody joining the infected channel.
The worm contains the following text strings:
;-)x
whose name means dark matter vir-L

Home

Viruses from A to Z
0-9 A B Ñ D E F G H I J
K L M N O P Q R S T
U V W X Y Z



Deals
David Soard Harassment
Baby Supplies
Home And Garden

    Copyright © 2005 Virus-Database.com
© 2005 Virus-Database.com