Tack Family
Description Tack Family
These are dangerous nonmemory resident parasitic viruses. They search for .COM files of the current directory and write themselves to the end of the file. The viruses infect the files in incorrect way: they overwrite first six bytes of the file beginning with Jmp-Virus instructions (MOV AX,offset Virus / JMP AX), but before return to the host program the viruses restore only five bytes of the code. These viruses display the message:
----------------- Hello, I am virus ! ------------
"Tack.449" contains the word "TACK".
Check other viruses! Be aware! Use Antiviral Software
Macro.Word.Stryx
Description Macro.Word.Stryx
This encrypted virus contains four macros:
NORMAL.DOT Infected files
DokumentSchließen DokumentSchließen
DateiSchließen DateiSchließen
Stryx1 StryxOne
Stryx2 StryxTwo
It infects the system on DokumentSchließen and DateiSchließen (FileClose and DocClose).
On December 1st the virus creates the FUNNY.COM DOS trojan and runs it. This trojan creates random named subdirectories on current disk. To drop that trojan the virus saves to FUNNY.SCR file hexadecimal dump and converts it to DOS executable by using DEBUG utility. To do that the virus creates and executes FUNNY.BAT file:
@echo off
debug < funny.scr > nul
@echo off
Funny.com
By using similar way the virus drops the DRACHE.GIF file with an image of a dragon. Then the virus creates new template, inserts this GIF into there and adds the strings:
STRYX!!!!
Look at your HD! :-)
Sorry, but it's so funny!
NJ 1996
Macro.Word.Sunbeam
Description Macro.Word.Sunbeam
This Word macro virus contains three macros: DocClose, SUNBEAM, FileOpen. The virus infects the global macros area (NORMAL.DOT) on closing an active window (DocClose) and writes itself to documents that are opened (FileOpen).
On October 5th the virus creates and executes the random named file (<3 letters of current document name>DIE.BAT) that contains the text:
echo 123>clock$
|