Virus Database

Sailor family

Description Sailor family

These are memory resident parasitic viruses. They hook INT 21h and write themselves to the end of executable files:
"Sailor.785": EXE on execution
"Sailor.834": COM on execution
"Sailor.1108": COM and EXE on execution, renaming
and on Get/Set File Attributes DOS call

The viruses contain the text strings:
"Sailor.785": Sailor.Venus -b0z0/iKx-
"Sailor.834": Sailor.Mercury -b0z0/iKx-
ANTI-VIR.DAT CHKLIST.MS
"Sailor.1108": Sailor.Mars -b0z0/iKx-
TBAVF-VISCITIVFINACO

"Sailor.785" is the polymorphic virus, it does not manifest itself in any way.
"Sailor.834" deletes the files: ANTI-VIR.DAT, CHKLIST.MS. When the files *VP.* (AVP), *RO.* (AVPRO) or *OT.* (F-PROT) are executed, the virus disables its infection routine.
"Sailor.1108" encrypts itself in quite complex way - while infecting a file it writes itself backward byte-by-byte except INTxx opcodes (CDxx). This routine has a bug, and in some cases the virus encrypts the files incorrectly, and they halt the system when executed. This virus does not infect several anti-viruses (TBAV, AVP, F-PROT,all see the string above) as well as COMMAND.COM file.
Sailor.Neptune.938
It is a harmless memory resident encrypted parasitic virus. It hooks INT 21h and infects COM files that are executed. While infecting a file the virus reads a block of file's data, encrypts it and saves to the end of the file, then it writes itself instead of this block to the middle of the file. The virus does not manifest itself in any way, it contains the text strings:
Sailor_Neptune
-b0z0/iKx-

Sailor.Pluto.3673
It is a dangerous memory resident parasitic polymorphic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. The virus has bugs and infected files may halt the computer. The virus checks the file names and does not infect several anti-viruses and COMMAND.COM according to the string (two letters per name - TBAV, AVP, F-PROT and so on):
TBAVF-SCMSFINACO

The virus contains the text strings:
Sailor_Pluto
-b0z0/iKx-
PADANIA - 1997
Chaos is the future and beyond it is Freedom
[SMPE 0.2]

Sailor.Saturn.4553
It is a dangerous memory resident polymorphic parasitic virus. The virus uses quite complex polymorphic engine, the size of the polymorphic decryption code may exceed 6K.
The virus hooks INT 21h and writes itself to the end of EXE files that are executed or accessed by FindFile DOS functions. It does not infect files on floppy disks, as well as files with digits in their names. It archivers and other utilities are started (PKZIP, LHA, ARJ, XCOPY, BACKUP), the virus disables some of its routines. When anti-virus programs AVP/AVPLITE are started, the virus adds to the command line options that disable memory scanning and heuristic analysis; the same for TBAV anti-virus.
On September 14th the virus writes to the MBR of the hard disk a trojan code, which displays a picture and waits a keyboard input "Free Panadia", and then continues booting the computer.
The virus contains the text string:
Sailor_Saturn -b0z0/iKx- Free Padania [SMPE 0.3]

Check other viruses! Be aware! Use Antiviral Software

Porridge.1384

Description Porridge.1384

It is not a dangerous nonmemory resident parasitic virus. It infects the COM files of the current directory. If all the files are infected, or there are not the COM files, then this virus displays the message in Russian. It also contains the word:
Error

Poss Family

Description Poss Family

There are memory resident dangerous parasitic viruses. They hook INT 8, 21h and write themselves to the end of COM and EXE files (except COMMAND.COM). Sometimes they delete the files. They manifest themselves by the face picture which is drawn on the screen. They also contain the text strings:
COMMAND.COM
POSSESSED! Bwa! ha! ha! ha! ha!
Author: JonJon Gumba of AdU
:*.COM :*.EXE

Home