Virus Database

Sirius Family

Description Sirius Family

These are harmless nonmemory resident parasitic encrypted viruses. They search for .COM files of C: drive and write themselves to the end of the file. They contain the text strings:
"Sirius.400": << Ebbelwoi >> by (?)S­R­US 10-93 D-63225
"Sirius.615": <>[EBBELWOI]v34 by(C)SiRiUS 1/94 D-47885 TRAN
"Sirius.640": <>[EBBELWOI]v34 by(C)SiRiUS 1/94 D-47885 VFAC
"Sirius.720": <> EBBELWOI v33m BY (?)S­R­US 12-93 D-63225 IAMQVE OPVS
EXEGI QVOD NEC IOVIS IRA NEC IGNIS NEC POTERIT FERRVM NEC
EDAX ABOLERE VETVSTAS

Sirius.975,1070
These are harmless memory resident polymorphic parasitic viruses. They hook INT 21h and write themselves to the end of .COM files that are executed. They contains the text string:
[EBBELWOI] Version QUX-7 3/94 Sirius

Sirius.Alive
These are memory resident polymorphic parasitic viruses. They hook INT 21h and write themselves to the end of COM and EXE files that are accessed. The viruses contain the text strings:
"Sirius.Alive.2200":
<< ALIVE >> BY SiRiUS, Germany, Version 0.03 (?) 1994-Oct
-WAtCh oUt fOr A pOlyMorpHic vErsIoN!-
Generation:
Infections:
Sum:
MyStamp:
ParentStamp:
[SPM] [-----------------]

"Sirius.Alive.2283":
c:dosdoskey.com
<< ALIVE >> BY SiRiUS (?) 1994-SEP, OPENVALLEY/GERMANY
TRoN! 3-Oak-SCHooL! Version 0.01á Adv.Polymorphic/Armed
SIRIUS POLYMORPHIC MODULE

"Sirius.Alive.3400" (the spaces between '=' and ']' may be filled with hexadecimal data):
[ALIVE 3] 1995 by Sirius - Germany
[ID= ]
[PARENT-ID= ]
[GENERATION= ]
[BROTHERS= ]
[SUM= ]
-D-U-VTBF-VISVSSVSSCCLINHMCOWIMS
[SIRIUS POLYMORPHIC MODULE]

"Sirius.Alive.4000" (the digits between the '[' and ']' borders may be filled with any decimal digits):
<=- A·L·I·V·E -=>
Distributed by the Alternative AL and AI Research Lab Germany,1995
FIRST NAME [000000]
LAST NAME [000000]
BIRTHDAY [01-01-95 01:01]
GENERATION [0001]
HEIR [0001]
SUM [0001]
Rewritten by SiRiUS. PrimeCode:***ÖpNV|42$)fJ***
-D-U-VF-TBSSSVVIVSNEVPIMAVCLCOHMINMSSCWI

"Sirius.Alive.2283" is a dangerous virus, it deletes some anti-virus programs. While installing memory resident it infects the C:DOSDOSKEY.COM file. It also hooks INT 1Ch, and sometimes manifests itself with some sound effect.
"Sirius.Alive.3400,4000" do not infect some anti-virus programs, and disable the stealth routines when these programs are executing.
"Sirius.Alive.4000" checks the command line while executing an infected file, and displays the message (such as above) if the command line contains "AL" string. Sirius.Annihilator These are not dangerous nonmemory resident encrypted parasitic viruses. They search for .COM files and write themselves to the end of the file. They contain the text string:
HtTM's Annihilator

Some versions of these viruses contains the strings:
"Annihilator.304,308": [HtTM's Annihilator v2.00]
"Annihilator.314": [HtTM's Annihilator v2.10]
"Annihilator.305": The great Sirius Rip Off Virus!
"Annihilator.357,361,379,383":
Your harddisk has been infected with
[HtTM's Annihilator v1.00]
"Annihilator.390,394,412,416,510,548,711":
Your harddisk has been infected with
[HtTM's Annihilator v2.00 - 10.08.1991]
"Annihilator.453": [HtTM's Annihilator v3.10]
"Annihilator.596":
This file is infected with
Annihilator
by [HtTM] - 10.08.1991/93
"Annihilator.599":
Your harddisk has been infected with
HtTM's Annihilator 3.21 - 10.08.1991/93
"Annihilator.603":
our harddisk has been infected with
[HtTM's Annihilator v3.00 - 10.08.1991/93]
"Annihilator.607,610":
-- Your harddisk has been infected with --
[HtTM's Annihilator v3.10 - 10.08.1991/93]
"Annihilator.673":
-- Your harddisk has been infected with --
[HtTM's Annihilator v3.00 - 10.08.1991/93]
The slightly polymorph COM infector Virus!
"Annihilator.733,739":
Your harddisk has been infected with
[HtTM's Annihilator v2.10 - 10.08.1991]

Some of these viruses display the corresponding string. "Annihilator.711" manifests itself by a sound effect.
"Annihilator.404" displays the message and halts the computer:
You have got the Anti TRON Virus!
Don't support TRON (MrMsNort) in D-17149 Stavenhagen

Sirius.Homunculus
It is a dangerous memory resident polymorphic parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed or opened. The virus does not infect the files with the names that have the strings at the beginning of the file name:
TB??????.*
ST??.*
F-????.*
AV.???
VS???.*
SC??.*
CL???.*
HM?.*
WI?.*
CT??.*
L.*
OR?.*
CO??.*

When any of first six listed above files is executed, the virus deletes it.
Depending on the system timer the virus displays:
[ HOMUNCULUS ] by SiRiUS nov/94 Germany
WARNING:
YOUR SYSTEM HAS BEEN CORRUPTED BY A COMPUTER VIRUS
IF YOU TURN OFF YOUR COMPUTER NOW ALL DATA ON THE HARDDISK WOULD BE LOST
Wait 5 minutes and think
about the young english
virus writers, who were
arrested by the british
police that year.
IF YOU STRIKE ANY KEY BEFORE ALL DATA ON THE HARDDISK WILL BE LOST

and then continues without any harm. The viruses also contain the text strings:
GEN:
BROS:
ANCESTORS:
ID:
PARENT-ID:
[Sirius-Polymorphic-Module] [SPM]

Sirius.Mem
These are dangerous memory resident encrypted parasitic viruses. They hook INT 21h and write themselves to the end of COM files that are executed. Depending on system date they erase the disk sectors, play a tune and display the messages. They contain the text strings:
Greetings to TRON, Sirius and Man on the Moon!
THANX to Dark Angel and PS

and/or:
"Mem.553":
Greetings to TRON, Sirius and Man on the Moon!
[Mem-Annihilator II-*-v1.00-*-1994]

"Mem.1187,1217":
Your harddisk has been infected with
|-----------------------------------------|
> Mem-Annihilator II -*- v1.04 -*- 1994 <
|-----------------------------------------|
Greetings to all virus writers elsewhere!
Serial Number: ELSE-0001

"Mem.1201,1203":
Your harddisk has been infected with
|-----------------------------------------|
> Mem-Annihilator II -*- v1.03 -*- 1994 <
|-----------------------------------------|
Greetings to all virus writers elsewhere!
Serial Number: MA2-0001

Sirius.Spawn
These are harmless nonmemory resident companion viruses. They search for .EXE files and create companion .COM files. The viruses contain the text string:
COM *.EXE

and:
"Spawn.252": Annihilator (SPAWN) is still alive!
"Spawn.255,267": Annihilator (SPAWN v1.01) is still alive!
"Spawn.258": Annihilator (SPAWN v1.00) is still alive!

Sirius.VCS
It is a harmless memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed. The virus contains the text string:
COM-Stealth v1.00 [ANNI-VCS 2.0]
CARO: Annihilator.VCS_2.Stealth.COM -OK- ???

Check other viruses! Be aware! Use Antiviral Software

Macro.Word.Snickers

Description Macro.Word.Snickers

This macro virus contains two macros: autoopen and autoclose. On AutoOpen it infects documents that are loaded into Word. After infection and on AutoClose the virus mixes the characters within current document. It also creates new variable in documents:
snickers=mmmhh

Macro.Word.Socks

Description Macro.Word.Socks

This is a Word macro virus. It contains four macros: AutoOpen, SOK, ToolsMacro (stealth), ToolsCustomize.
The infection routine is placed in SOK macros, which is called by AutoOpen macro on opening a document. The virus does not infect the NORMAL.DOT - it affects the files that are listed in recently used file list.
On September 9 depending on the system random counter it erases the files by using one of masks: *.EXE, *.COM, *.OVL, *.BIN, *.TXT, *.DOC, *.DOT, *.ZIP, *.ASM, *.DLL.

Home

Viruses from A to Z
0-9 A B Ñ D E F G H I J
K L M N O P Q R S T
U V W X Y Z

    Copyright © 2005 Virus-Database.com
© 2005 Virus-Database.com