Virus Database

Tchechen Family

Description Tchechen Family

These are very dangerous memory resident encrypted parasitic viruses. They hook INT 21h and write themselves to the end of COM and EXE files that are executed. They drop a trojan to the MBR of the hard drive, but often fail. While dropping that trojan, the viruses detect the Megatrends and the Award BIOSes, and disable the system virus alarm utility in these BIOSes. Being dropped the trojan after some days erases the disk sectors and displays the message:
"Tchechen.1909,1912,1919":
POLITICAL PRO$TITUTE$ OF THE WORLD, (UN)ITE !
IN REWARD FOR THE SCORCHED EARTH OF TCHECHNYA.
ENJOYIN' WAR BY TV YOU'RE GLAD -YOUR ASS IS SO FAR FROM.
WAIT, YOU'LL SEE THE REAL BLOOD SOON..RIGHT AT YOUR WINDOW
AND YOU WORTH IT !!!

The viruses also contain text strings:
"Tchechen.1909,1912,1919":
The Tchechen,(C)RUSSIAN BEAR,1995.
Megatrends
AWARD

Tchechen.3338-3604
These are polymorphic viruses. They trace INT 13h, 21h, hooks INT 22h, then return the control to the host program, wait for terminate call (INT 22), hook INT 21h and stay memory resident. The viruses write themselves to the end of COM and EXE files that are executed. The viruses checks the file name and do not infect the files: WE*.* AD*.* AI*.* CO*.* DR*.* AV*.* TB*.* CH*.*
Some of these viruses contain several bugs and may halt the system. The viruses overwrite the MBR of the hard drive with a trojan program that in 10 days erases the hard drive sectors and displays the message:
"Tchechen.3338,3370,3604":
HALF YEAR OF WAR HAS GONE. IT STILL DOES.
MASS MURDER WAS RECOGNIZED BY THE WORLD COMMUNITY.
ACCEPT MY CONGRATULATIONS ! ENJOY THE WORLD'S NEW ORDER !
THE TCHECHEN, v2.0 (C) RUSSIAN BEAR. 1995,JUNE

"Tchechen.3420,3436":
I`M WASTING TIME APPEALING TO YOU.
WASTE YOUR.^.TO RESTORE HD.
THE TCHECHEN v2.2 Web&BugsFix (C) RUSSIAN BEAR, 12.12.95

The viruses also contain text in Russian.

Check other viruses! Be aware! Use Antiviral Software

Oeur.3072

Description Oeur.3072

This is a dangerous memory resident multipartite virus. Upon loading from an infected file, it hits the hard-drive MBR, and upon installation in a system memory, it hooks INT 13h, 21h, and F5h. Upon loading from an infected MBR, it also hooks INT 1Ch, which summons an installation routine when DOS is loaded in the system memory. Upon calling to the ChDir DOS command, the virus summons INT F5 that searches for EXE files, and writes the virus code to their ends. INT 13h is used to perform a stealth algorithm upon access to the infected MBR. In October, this virus overwrites disk sectors with data, which contains the string "oeur934" at the beginning. It contains internal text strings, and on Friday, it displays them backwards:
$?! ynnuf uoy erA
$.akrakurD all eis im izduN
$.draobyeK ... em ssiK
$!!! EVITCAOIDAR si KSID DRAH ruoY
$!!! em KCUF ton oD
$:A evird otni AZZIP tresnI ! yrgnuh ma J
$setteksid owt era :A evird nI ! gninraW
$$ejeiwezdr rosecorp jowT
$emsat agaicw :C ajcats agawU
$tceted rosecorp 4XD687 oN ! gninraW
$yob diputs uoY
$.K ZSUIRAM ... .J ECZSEINGA ejukydyd asuriw ogeT
$AGA evol J
$noisrev SOD tnerrocnI
$selif erom oN
$$selif desolc ynam ooT
$noitcerder etacilpuD
$hctamsim egap edoC
$deinad sseccA
$sroloc eerhct si AGV ruoY
$ydaer ton SME
$SURIV rof yromeM etacolla tonnaC
$sretemarap KCATS dilavnI
$fys ot AGIMA
$moniks creimS
$$LUCSOK zrpeiP
$hcanalg w eizdjyzrp suzeJ
$NATAS EVA
$azorgz oT
$aselaW z zcerP
$!! corw AGA
$RAWONAM evol J
$daed si - PAR - OKSID - ONHET
$yladep ot ylap esyL
$ycicam jem do zcerp eceR
$! iwoloi
$?! ynnuf uoy erA
$.akrakurD ... eis im izduN
$.draobyeK ... em ssiK

Oggo.3837

Description Oggo.3837

It is a very dangerous memory resident encrypted parasitic virus. It hooks INT 8, 21h and writes itself to the beginning of .COM and to the end of EXE files that are executed. In some cases the virus deletes all files in current directory. Depending on its internal counters it manifests itself by a video effect and displays the messages:
ALPAK Group
CpSci,Adamson University
O G G O

Home