Virus Database

Rideon.4313

Description Rideon.4313

It is a dangerous memory resident polymorphic and stealth parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are closed. The stealth routines are activated on files searching and opening calls. When infected files are opened, the virus disinfects them. When they are searched, it decreases their size back to the original value.
When the anti-virus F-PROT, or data compressing utilities RAR, ARJ, PKZIP, LHA, or BACKUP utility is executed, the virus disables some of its stealth routines. When the F-PROT anti-virus is run, when it reads data from files (to load data or scan files for viruses), the virus copies random data to its read buffer.
The virus deletes the anti-virus data files:
ANTI-VIR.DAT CHKLIST.MS SMARTCHK.CPS AVP.CRC IVB.NTZ CHKLIST.TAV

The virus polymorphic engine has several bugs and in some cases produces the polymorphic loop that is not able to decrypt virus code. Such files halt the system when executed.
On July 4th the virus erases the CMOS memory and displays the message:
-- [RIDEON] (c) ThE_WiZArD / DDT (Spain) --
###### ## ##### ##### ####### ### ##
# # ## ## ## ## ## ## #### ##
###### ## ## ## ## ## ## ## ## ##
## ## ## ## ## ##### ## ## ## ## ##
## ## ## ## ## ## ## ## ## ## ##
## ## ## ##### ##### ####### ## ####

The virus also contains the text strings:
#ThE_WiZArD
You`ll take my life but iïll take yours too
For those about to rock all I salute you!

Check other viruses! Be aware! Use Antiviral Software

Fdate1111.570.a

Description Fdate1111.570.a

This is a not memory-resident encrypted parasitic virus which searches for EXE files of the current directory and writes itself to their ends.
It contains the text "*.EXE".
It changes the date and time of creation of infected files to August, 17th, 1991, 2.08am (1111h) but doesn't manifest itself in any other way.
This virus can erase the MBR of hard drive depending on the system timer.

Fear.1823

Description Fear.1823

It's a memory resident encrypted parasitic virus. It hooks INT 21h (for infection) and INT 2Fh (for "Are you here?" call). It writes itself to the end of .COM-files on their execution. The files can be encrypted wrong, they hang up the computer and are not recovered. Sometimes it formats the HD sectors and displays:

Home

Viruses from A to Z
0-9 A B Ñ D E F G H I J
K L M N O P Q R S T
U V W X Y Z



Mobile Phone Logos
Progressive Rock
XML Datenrettung
Chilispace
Transporte Nacional

    Copyright © 2005 Virus-Database.com
© 2005 Virus-Database.com