Virus Database

RiftVilly family

Description RiftVilly family

These are harmless memory resident parasitic viruses. They hook INT 21h, and write themselves to the end of COM files. "RiftVilly.469" intercepts file access to DOS functions and infects COM files that are executed, opened or renamed; "RiftVilly.490" does the same with EXE files. "RiftVilly.480" intercepts a ChangeDir DOS function, and upon such calls, searches for .COM files in the current directory and infects them.
The viruses contain the following text strings:
"RiftVilly.469": Rift Villy v.3.4
"RiftVilly.480": Rift Villy v.3.1
"RiftVilly.490": Rift Villy v.4.0

Check other viruses! Be aware! Use Antiviral Software

Manu.4096

Description Manu.4096

It is a not dangerous memory resident parasitic virus. It hooks INT 21h and writes itself at the end of COM- and EXE-files that are executed. It contains the internal text strings:
Manu virus Version 1.0
Parity error 0000:F243

The last string can be displayed in future versions of the virus, in that version, the corresponding branch is not activated.

Manuel family

Description Manuel family

These are memory resident parasitic viruses. They hook INT 21h and write themselves to the end of .COM files (except COMMAND.COM) that are executed or opened.
"Manuel.1155" searches for .COM files and infects it on DOS function GetDiskSpace (AH=36h) calls. While executing an infected file the virus infects the files from the list:
C:DOSFORMAT.COM
FORMAT.COM
C:DOSKEYB.COM
KEYB.COM

In some cases while installing the viruses display the messages:
"Manuel.777": Soy un Manuel Virus de tipo G
"Manuel.814": Soy un Manuel Virus de tipo N
"Manuel.840": Soy un Manuel Virus de tipo B
"Manuel.858": Soy un Manuel Virus de tipo L
"Manuel.876": Soy un Manuel Virus de tipo R
"Manuel.937": Soy un Manuel Virus de tipo C
"Manuel.957": Soy un Manuel Virus de tipo C
"Manuel.972": Soy un Manuel Virus de tipo B
"Manuel.995": Soy un Manuel Virus de tipo H
"Manuel.1155": Soy un Manuel Virus de tipo H
"Manuel.1388": Soy un Manuel Virus de tipo M

"Manuel.777,814,876" are not dangerous viruses, they does not manifest themselves in other ways.
"Manuel.840,972" are very dangerous viruses. Depending on their internal counters they delete the files instead of infecting them.
"Manuel.858" is not a dangerous one, depending on its internal counters it hooks INT 8 (timer) and delays on every timer tick.
"Manuel.937,957" erase CMOS memory.
"Manuel.995,1135" corrupt the disk sectors and display the message:
Manuel Virus: to repare HD, rotate rigth the sector (not the bytes)
number 2, head 0, of tracks 0 to length of this message

"Manuel.1388" plays a tune.
Manuel.2209
It is an encrypted virus. It infects both .COM and .EXE files. Depending on the system date the virus beeps with PC speaker. While executing an infected file the virus receives the control and infect the files:
C:DOSCOMMAND.COM
DOSCOMMAND.COM
COMMAND.COM
COMMAND.COM

This virus also contains the text strings:
c:doscommand.COM
Manuel strikes again

Home