Virus Database

TenBytes.1411

Description TenBytes.1411

This is a dangerous, memory resident parasitic virus. It hooks INT 21h, and writes itself to the end of COM and EXE files that are loaded into the memory. While infecting COM files, the virus writes the 32-byte Jmp-Virus routine to the beginning of the file. In infected EXE files, there are two possible variants of the entry offset in the virus code.
The virus activates only when the interrupt handler contains the word FC80h (this condition is always met if INT 21h points in DOS to the original system handler). Then the virus patches the first five bytes of the INT 21h handler with JMP FAR Loc_Virus instruction, copies itself to the system memory at the address 9800:0000, and does not fix the MCB list. This might halt the computer. The virus also hooks INT 1 and 3, and disables the debugger.
Starting from September 1st, while writing to the disk (INT 21h,AH=40h), the virus changes the address of the data buffer, and as a result, corrupts the data that is saved on the disk.

Check other viruses! Be aware! Use Antiviral Software

Demolited.1585

Description Demolited.1585

It's a very dangerous memory resident encrypted virus which hooks INT 1Ch, 21h and infects by a standard manner .COM-files, except COMMAND.COM, that are opened or executed. On 17th of every month it overwrites the MBR by a small program which types "DEMOLITION is here!". It overwrites the files by the text:
Sorry, this file was destroyed by DEMOLITION! from THE YODAS CREW Italy

It also contains the text "DEMOLITED COMMAND.COM". Sometimes it manifests itself by the black caterpillar moving on the screen.

Demon.348

Description Demon.348

These are harmless not memory resident parasitic viruses. They search for .COM-files of current directory and C:COMMAND.COM file and write themselves at their ends. They contain the internal text string:
_=-DEMON-=_

Home