Virus Database

Serbu family

Description Serbu family

These are not dangerous memory resident encrypted parasitic viruses. They use several levels of anti-debugging tricks in installation routine as well as in interrupt handlers. They write themselves to the end of COM and EXE files that are executed or opened, as well as to the end of .GIF and .JPG files (!!).
When an infected file is executed, the virus decrypts itself by using INT 1 and INT 3 hooks, then allocates block of DOS memory, copies itself to there, traces INT 21h, 2F and hooks them. To hook INT 2Fh the virus patches the DOS kernel.
Depending on the system date the viruses display the rectangle:
XXXXXXXX
XXXXXXXX

"Serbu.3493" displays the text:
.. A_C_O: Dirgantara Jaya ..

The viruses also contain the text strings:
"Serbu.3493": R-SERBU-1 (c)09-16H Emhaka
"Serbu.3493": -SERBU-

Check other viruses! Be aware! Use Antiviral Software

DM.674

Description DM.674

This virus is not memory-resident, very dangerous. Under some conditions it wipes out the first 80h sectors of the hard disk. The virus bypasses subdirectories of the current disk and writes itself into .COM-files by standard way. Beginnings of infected files become as follows:
MOV BX,offset Virus;
JMP BX;
DB 'DM'.

DMR.1200

Description DMR.1200

This is a benign memory resident encrypted parasitic virus. It was found in-the-wild in January 1998 in the Russian northern port city (see- The Hunt for Red October) of Murmansk. It hooks INT 21h, and writes itself to the end of EXE files that are executed or opened. In some cases, because of an error, the virus corrupts files while infecting them (such files can be disinfected without any problem).
On 13th of any month, the virus displays the message:
DMR, Pantera & Ale Forever !
D M R F o r e v e r !
Dis iz ChaosTraveller ver. 2.0
Nightmare, yeah ? Try to be clean !
Suck off, fucksider ! Today`s 13th !

Home