Virus Database

TakeControl

Description TakeControl

It is a dangerous memory resident parasitic polymorphic virus. It writes itself to the end of EXE files and the COMMAND.COM file. Then an infected EXE file is executed, the virus infects C:COMMAND.COM and C:DOSCOMMAND.COM files, if they exist. Then the virus returns the control to host EXE program. The virus does not warry about internal COMMAND.COM format and corrupts that file, if it has EXE internal format (Win95 COMMAND.COM).
When an infected COMMAND.COM is executed, the virus hooks INT 21h, stays memory resident and infects EXE files that are executed.
The virus leaves in memory just a half of its code - about 2.8Kb, while infecting a file the virus reads its complete code from the C:COMMAND.COM file, and then writes this code to EXE files.
The virus checks the file names and does not infect the files from the string (four bytes per name - 3P.E*, AHEL*.*, ALIK*.*, APPE*.* and so on):
3P.EAHELALIKAPPEASTAATTRAVASAVG.AZORBINOBOOTBUILCHKDCLEADEFRDFA.DISK
DOSXDPMIDRVSDSWAEMM3EXE.EXEMEXPAF-PRFASTFC.EFDISFINDGPEGGUARHIEWINI.
INSTINTEKERNKRNLLABELGUAMAKEMANDMEMMMOVEMSBAMSCDMSD.MWBANAV.NLSFPAST
PCC.POWEREX.REPLRESTRTM.SCANSETVSHARSHIESMARSORTSUBSTB.ETEMCTRAPTSAF
UCOMUEXEUNDEVCOPVGUAVIRSVIRTVIRUVIVEVS.EVSHIWIN.WINSWSWAXCOP

Starting from July 1997 the virus displays the message and halts the computer:
TAKE CONTROL of yor mind, your body and your soul !!!
(I'm taking control of your machine - he, he, he all!)
Replace your C:COMMAND.COM and C:DOSCOMMAND.COM and it'll be O.K.
... forever!
Zdar Grisofte, McAfee nebo jiny pocitacovy maniaku, jenz tento virus pitvas.
*** Gratuluju ***
>>> Konecne jsi me dekodoval a dostal se az sem. <<<
At zije D.J.BOBO a jeho TAKE CONTROL!!!
--- Virus napsany specialne na podporu antivirovych firem. ---
### Preji ti uspesny boj se vsemi moznymi viry, jako je tento. ###
Grisofte, vase AVG je fakt dobry, ale ve verzi 4.0 pro Windows je dost chyb.
No nic, puvodni CS:IP u EXE nebo prvni tri byty u COMMANDu jsou tady --->

Check other viruses! Be aware! Use Antiviral Software

Flowers.1688

Description Flowers.1688

It is a very dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of .COM and .EXE files that are executed. Before infecting a file the virus also affects the C:COMMAND.COM file. On 1st of any month at 3:30am the virus erases the CMOS and disk sectors. The virus contains the text strings:
GOLDEN FLOWERS!
VEGERATABLES!
PLEASE REMEMBER239
C:COMMAND.COM
SAE7

Floyd.1542

Description Floyd.1542

It is not a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of EXE files that are executed. The virus checks file names and does not infect anti-virus programs according to the string "tbscclhirsf-" (two bytes per name - TBAV, SCAN, CLEAN,all). Depending on its counters the virus displays the text:
Now life devalues day by day, as friends and neighbours turn away,
And there's a change, that even with regret, cannot be undone...
PiNK FLOYD, The Division Bell.
MCH' 97
[Any Key]

The virus also contains the text string:
FLOYD ViRUS v.1.01.095

Home