SRX.2304
Description SRX.2304
It is a very dangerous memory resident parasitic virus. It hooks INT 21h and when files are created or executed, it searches for .COM and .EXE files and writes itself to the end of file. The virus has bugs and corrupts some files while infecting them. While infecting the virus also deletes the anti-virus data files CHKLIST.CPS and CHKLIST.MS.
On December 2nd it erases hard drive sectors, decrypts and displays the message:
25 WAYS TO PREVENT A VIRUS ATTACKall.
No.2 ALWAYS USE CONDOMS !!
No.25 SELL YOUR COMPUTER !
While installing memory resident from an infected EXE file the virus does not return control to the host program, but displays standard DOS error message "Bad command or file name" and returns to DOS. As a result infected EXE files do work only if the virus is already active in the system memory.
The virus contains the ID-string:
SRX
Check other viruses! Be aware! Use Antiviral Software
Gratug.482
Description Gratug.482
It is not a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed. Depending on the system date it decrypts and displays the string:
GratuQ
GraveLion.2250
Description GraveLion.2250
This is a relatively harmless memory resident multipartite polymorphic virus. When an infected file is executed, the virus infects the MBR of the hard drive and returns to the host program. While loading from an infected disk, the virus hooks INT 8 and INT 9, waits for DOS loading and hooks INT 13h and 21h, and writes itself to the end of COM and EXE files that are executed, opened or renamed.
The virus uses quite a complex stealth routine to hide infected MBR. First, the virus does not put its code to the MBR - it just writes its code to the disk starting from the second disk sector and modifies the address of the active boot sector in the disk Partition Table (see also "Starship" virus). While accessing the infected MBR by INT 13h calls, the virus redirects these calls to the original MBR that is saved in the 7th sector on the disk. When the files B*.EXE, F*.EXE, T*.EXE (direct disk access anti-viruses?) are executed, the virus temporarily disinfects the infected disk.
If an error occurs while loading from an infected disk, the virus displays the following:
Access to Hard Drive deniedall
The virus also contains the text:
[ü ¿ ûÑ"Ñ¡ ] v1.0 Copyright (c) 1995 Grave Lion
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Overseas Property Turkey Sale
Property In Dalyan For Sale
Real Estate In Bodrum For Sale
Sharp
MalmÖ Byggledare Handelsbolag
|