Virus Database

Serbu family

Description Serbu family

These are not dangerous memory resident encrypted parasitic viruses. They use several levels of anti-debugging tricks in installation routine as well as in interrupt handlers. They write themselves to the end of COM and EXE files that are executed or opened, as well as to the end of .GIF and .JPG files (!!).
When an infected file is executed, the virus decrypts itself by using INT 1 and INT 3 hooks, then allocates block of DOS memory, copies itself to there, traces INT 21h, 2F and hooks them. To hook INT 2Fh the virus patches the DOS kernel.
Depending on the system date the viruses display the rectangle:
XXXXXXXX
XXXXXXXX

"Serbu.3493" displays the text:
.. A_C_O: Dirgantara Jaya ..

The viruses also contain the text strings:
"Serbu.3493": R-SERBU-1 (c)09-16H Emhaka
"Serbu.3493": -SERBU-

Check other viruses! Be aware! Use Antiviral Software

BadBoy.1000.a

Description BadBoy.1000.a

This is a harmless memory resident parasitic encrypted virus. It hooks INT 21h and writes itself at the beginning of COM files are executed. This virus uses System File Table on infection. It is divided on 9 blocks of code and data (installation block, data block, INT 21h block e.t.c.). When the virus installs itself into the memory, 8 of these 9 blocks can be rearranged in any order depending on the system timer. On infection the virus saves encrypted image of its TSR copy into the file, so orders of code blocks in two infected file can be different.
This virus displays on 10th infection:
The bad boy halt your systemall
And then halts it.
The virus contains the text:
The Bad Boy virus, Copyright (C) 1991.

BadBoy.1000.c

Description BadBoy.1000.c

This is a harmless memory resident parasitic encrypted virus. It hooks INT 21h and writes itself at the beginning of COM files are executed. This virus uses System File Table on infection. It is divided on 9 blocks of code and data (installation block, data block, INT 21h block e.t.c.). When the virus installs itself into the memory, 8 of these 9 blocks can be rearranged in any order depending on the system timer. On infection the virus saves encrypted image of its TSR copy into the file, so orders of code blocks in two infected file can be different.
The virus contains the text:
Pile of shit
The Worthless Piece of shit virus that is a joke.

Home