Riot multipartite
Description Riot multipartite
These are harmless memory resident multipartite viruses. On execution of infected file they hit MBR of hard drive. On loading from infected disk they hook INT 13h, then they hook INT 21h and write themselves at the end of COM-files are executed. They contain the internal text string:
(c) Metal Militia/Immortal Riot
Check other viruses! Be aware! Use Antiviral Software
Macro.Word.Czech
Description Macro.Word.Czech
This virus contains two original macros that are copied to five macros while infecting the NORMAL.DOT:
Documents NORMAL.DOT
AutoOpen AutoOpen
AutoClose
Crypt Crypt
ToolsMacro
FileTemplates
The virus replicates itself to the global macros area on opening an infected document, and infects documents that are opened or closed.
On entering the Tools/Macro or File/Templates menu the virus depending on random number sets for current document random numerical password and displays the MessageBox:
ULTRAS
Crypt by ULTRAS [Rioters]
Macro.Word.Daniel.a
Description Macro.Word.Daniel.a
This is an encrypted macro-virus. It contains two macros:
NORMAL.DOT Infected files
MacroManager MacroManager
Word6Menu AutoOpen
When the system opens an infected file, the virus takes control and copies its macros to the global macros area. To get a control the virus not only uses its AutoOpen macro, but also sets its macro "MacroManager" as executed on File/Save command and on Ctrl-S and Ctrl-B keys. When that macro is executed, the virus infects current document.
To hide itself in system the virus removes the menu items that access macros. While infecting a document the virus sets new file summary info fields:
Keywords = "Daniel_Stone"
Comments = "All information should be free."
The virus contains remarked texts:
You've reached! Here is the virus. Enjoy.
This is the Word_Macro_Virus_Daniel_1F - Beta International Version.
Please Support the Virus Concept. Have a nice Day! (BR/US)
|