TD.1536
Description TD.1536
It is not a dangerous memory resident multipartite virus. It writes itself to the end of COM and EXE files, to the MBR of the hard drive and to the boot sector of floppy disks. The virus does not manifest itself by any sound or video effect. It was named after its ID-text "TD" that presents in infected files, boot and MBR sectors.
When an infected file is executed, the virus infects the MBR of the hard drive, hooks INT 21h and stays memory resident. It then affects files that are executed. The virus pays attention to Windows self-checking signature ENUNS that presents at the end of Windows COM files and patches it. While installing memory resident the virus also infects the C:WINDOWSWIN.COM file and deletes the C:WINDOWSSYSTEMIOSUBSYSHSFLOP.PDR file, if they exist.
On loading from infected disk the virus hooks INT 13h, 1Ch, waits for DOS loading process and then hooks INT 21h. By hooking INT 13h the virus infects floppy disks, INT 13h handler also has stealth routine that is activated on accessing to already infected disks.
Check other viruses! Be aware! Use Antiviral Software
Australian.Judy.1050
Description Australian.Judy.1050
The virus hooks INT 21h and writes itself at the end of COM-files that are executed. Depending of the system date it creates the file JUDY.COM. On execution of that file it draws the following text:
This is a tribute to Judy Garland
= "heart"
The virus also contains the internal strings:
Judy Scroller by AP [all]
Whoa Judy, Wot I would not give to have a taste of you.
Autumnal.3072
Description Autumnal.3072
It is a very dangerous memory resident multipartite virus. It infects the MBR of the hard drive and writes itself to end of .COM and .EXE files. While executing an infected file the virus infects the MBR, hooks INT 8, 13h, 21h and stays memory resident by DOS call Keep (INT 27h). While loading from infected disk the virus decreases the size of the system memory (the word at the address 0000:0413), hooks INT 8, 13h, waits for DOS loading, then hooks INT 21h and restores the size of the system memory to hide its TSR block.
While accessing to the files by DOS functions Exec, Open, Rename, FindFirst/Next both FCB and ASCII the virus infects the files except CO*.* and IB*.*. While accessing to infected MBR the virus calls the stealth routine. When an infected file is loaded for debugging, the virus disinfects it. If and error occurs while disinfecting, the virus displays the message:
Error in File
The virus uses anti-debug tricks. On July 13th it deletes the files instead of infecting them.
The virus contains the text strings:
Ver 4.00
(C)Copyright Autumnal Water Corp. 1991
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
ALBERT ENGSTRANDS GOLVFIRMA AB
VEKAB STORKÖKSTEKNIK AB
KÅLLEKÄRRS OLJECENTRAL AB
Traffic Exchange Directory
Notebook Batteries
|