Bagoes
Description Bagoes
It is not a dangerous memory resident boot virus. It hooks INT 13h, 17h and writes itself to the MBR of the hard drive and boot sector of floppy disks. While printing a text the virus replaces "R" and "r" letters with "L" and "l". The virus contains the text strings:
B.A.G.O.E.S
STMIK BUDI LUHUR
INDONESIA
Check other viruses! Be aware! Use Antiviral Software
Bebe.486
Description Bebe.486
These are nonresident dangerous viruses. They affect .COM-files in the current directory. They increase the size of infected file up to a paragraph, copy themselves at the file end and alter its first 14 bytes (PUSH AX; all ; JMP FAR Loc_Virus ). The viruses have an error - doesn't restore DTA. This might result in hanging up the computer. There is one more delicate error: they doesn't take into account that INTEL 80x80 processor has a conveyer, and modifies the command following the current one, the result is that the viruses work only on old IBM PC models. Apart from the above text the viruses contain the string "*.COM".
The viruses are nonresident, but they create a small memory-resident program. With this purpose they copy a part of viruses' body to the interrupt vector table at the address 0000:01CE and sets INT 1Ch or INT 21h to this program.
"Bebe.486" hooks INT 21h and while writing into file (INT 21h, f.40h) it changes '+' to '-' and '-' to '+' in buffer is writing.
"Bebe.1004" hooks INT 1Ch (timer) and some time later displays the following message:
+-------- VIRUS ! ------+
ƒ Skagi "bebe" > ƒ
+-----------------------+
After the word "bebe" is typed in from the keyboard, the virus answers: "Fig Tebe !".
Beda.883
Description Beda.883
These are memory resident parasitic stealth viruses. They hook INT 21h and write themselves at the end of the files are executed or closed. On infected file opening the viruses disinfect it, and then hit again on closing. They use BEDAh hexadecimal value as virus ID word for infected files, and on detection of already loaded virus TSR copy.
"Beda.883,1301" hit COM-files only, "Beda.1530" hits both COM- and EXE-files, on infection of EXE-files that virus may corrupt them.
"Beda.883,1301" are not dangerous viruses, depending on their internal counters they manifest themselves with the video effect.
"Beda.1530" is dangerous virus. It deletes the anti-virus programs -V, WEB, AIDSTEST, A-DINF. It hooks INT 09h also, and depending on its internal counter it changes the keys are entered: '?', 'n' and 'N' to 'B', 'y' and 'Y'.
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Asus Motherboards
Free Auto Traffic Exchanges
Fildelningsprogram
|