Virus Database

Romania.856

Description Romania.856

It is a harmless memory resident parasitic virus. It hooks INT 13h, 28h and on INT 28h calls searches for .COM files except COMMAND.COM and writes itself to the end of the file. The virus contains the text strings:
COMMAND
ROMANIA

Check other viruses! Be aware! Use Antiviral Software

I-Worm.Klez.h

Description I-Worm.Klez.h

The Klez.h variant of the Klez worm family is very similar to Klez.e. The differences are:
This variant has no payload and doesn't destroy files.
It brings with it additional variants of infected Messages, Subjects and Bodies.
Example of a Klez.h email message Subject and Body content:
Worm Klez.E immunity
Klez.E is the most common world-wide spreading worm.
It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,
most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,
some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail to me.
This worm looks for files with the following extensions:
.txt .htm .html .wab .asp .doc .rtf .xls .jpg .cpp .c .pas .mpg .mpeg .bak .mp3 .pdf
Depending on several conditions Klez.h attaches a file with one of the above listed extensions to infected emails (as the second attached file). As a result, confidential or personal information may be sent out and made public.
Another example of Klez.h email message content:
Win32 Klez V2.01 & Win32 Foroux V1.0
Copyright 2002,made in Asia
About Klez V2.01:
1,Main mission is to release the new baby PE virus,Win32 Foroux
2,No significant change.No bug fixed.No any payload.
About Win32 Foroux (plz keep the name,thanx)
1,Full compatible Win32 PE virus on Win9X/2K/NT/XP
2,With very interesting feature.Check it!
3,No any payload.No any optimization
4,Not bug free,because of a hurry work.No more than three weeks from
having such idea to accomplishing coding and testing
How do I delete the Klez virus?
1) disconnect the infected PC from the local network (if exists)
2) run clrav.com file
If the program says "nothing to clean" - run it from the command line with the paramrter /scanfiles, for example:
C:clrav.com /scanfiles
3) re-boot your PC in Safe Mode
4) run clrav.com again
5) reinstall the anti-virus package and update the anti-virus database
6) run Kaspersky AV Scanner and check all the hard drives

I-Worm.Langex

Description I-Worm.Langex

Langex is a worm virus spreading via the Internet as an attachment to infected emails. The worm itself is Windows PE EXE file about 3KB in and length written in Assembler.
The worm activates from infected email only in case user clicks on attached file. The worm does not install itself to the system and is not activated anymore (except the cases when user clicks on attached email again).
To spread the worm uses Windows MAPI functions and "answers" to messages from Email box. The worm sends "reply" to each message:
The subject is original message subject with prepended "Re:" text.
The message body begins with the text:
CLIENT NOTICE: the recipient viewed your message and this is the reply message (original version of your message is shown after this text). Due to the differences of text encoding method used by the recipient and the method used on this system, the needed language pack is attached to this message. If the the corrections will be applied, you will be able to read the reply message.
with original message text appended to that, and the attached file name is:
LANG.EXE
The "answerred" message is deleted then by the worm.
The worm also has "copyright" text in its body:
Simple MAPI demonstration : kahuna/TKT'

Home