Revenge.1127
Description Revenge.1127
It is a very dangerous memory resident parasitic virus. It hooks INT 21h, then and writes itself to the end of .COM files, and Jmp-Virus commands ( JMP Loc_Virus, DB '777') to the beginning of the file. Depending on some conditions this virus displays the message:
*** 777 - Revenge Attacker V1.01 ***
and erases the disk C: and D: sectors.
Check other viruses! Be aware! Use Antiviral Software
Mirea_II.4157
Description Mirea_II.4157
It is a dangerous nonmemory resident parasitic polymorphic virus. It searches for EXE files and writes itself to the end of the file. While searching and infecting it uses only absolute read/write calls INT 25h/INT 26h. It has the errors and in some cases corrupts the files while infecting them. Depending on its random counter the virus displays the message in Russian.
Mirkis.4292
Description Mirkis.4292
It is a harmless memory resident multipartite stealth virus. It infects the MBR of the hard drive and writes itself to the end of COM and EXE files, the virus is encrypted in files. It does not infect the MBR under DOS 7+ (Windows). The virus does not manifest itself in any way. It contains the text:
TYSON greeting Mir.Kis & Ro.Ch 4.97 POLAND
On loading from infected MBR the virus hooks INT 13h, waits for DOS loading and hooks INT 21h. While executing an infected file the virus hooks INT 13h, 21h and writes itself to the end of files that are executed or closed. When programs are terminates the virus also searches for COM and EXE files in current directory and infects them.
On opening an infected files the virus disinfects them (stealth). The virus does not infect several utilities and anti-virus programs: *SC??, *PR??, *MA??, *MS??, *TB??, *AV?? (SCAN, F-PROT, COMMAND, TBAV, e.t.c.). When CHKDSK or MEM utilities are executed, the virus patches the memory allocation blocks to hide its TSR copy. When anti-viruses MKS_DEMO, MKS_VIR or F-PROT are executed, the virus adds new options to the command line (/NOMEM or /M), and turns off anti-virus memory scanning. When Windows is started, the virus adds a parameter to the command line to disable 32-bit disk access. When PKZIP, ARJ or RAR are executed, the virus temporary disables its stealth routines.
The virus attempts to infect the MBR of the hard drive when any program is terminated. To read/write the MBR sector the virus uses direct reading/writing to hardware ports. By using INT 13h the virus then runs stealth routine that cancels reading/writing infected MBR.
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Leuchtmittel
Pauschalreise Mallorca
Taśmy Klejące
Fönster
Forex Affiliate Programs
|