Timid Family
Description Timid Family
These are dangerous nonmemory resident parasitic viruses. They write themselves to the end of either all files (*.*) or only .COM files of the current directory. If all files are already infected, some of these viruses format the C: drive sectors. Some of "Timid" viruses display the name of the file being infected. The beginning of infected files contain the word "GR" or "VI".
"Timid.320" displays:
HEH!HEH!HEH!HEH!
Check other viruses! Be aware! Use Antiviral Software
Open Family
Description Open Family
These are dangerous memory resident parasitic viruses. They hook INT 21h, 2Fh and write themselves to the end of COM and EXE files that are executed. The viruses check the file name and do not infect the files:
COMMAND, IBM, PC, TB, CKVI, KLVI, DEVI, BTOOL, RTOOL, TDISK, SCAN, CLEAN, F-
On execution of some files the viruses deletes them, and then display:
Your PC was now OPEN! Whao! Ha! Ha! Ha! Ha!
== Written by Zhuge Jin at TPVO , 1995 ==
=== Taiwan Power Virus Organization. ===
"Open.1183" displays:
This is [Vivian's Birthday] virus by Data Monster in Hong Kongall!
Happy birthday to Vivian Lai...!
Opera.1013
Description Opera.1013
This is a relatively harmless memory resident parasitic virus. The virus affects executable files of two different platforms: DOS COM files as well as Windows VxD drivers.
The virus installs itself into the DOS memory, allocates a block of memory, hooks INT 21h nnd 2Fh, and stays memory resident. The INT 2Fh hook is used by the virus only to detect its already installed TSR copy so as to prevent duplicate installing. The INT 21h hook is used to intercept file access functions such as file executing, opening, renaming, and file attributes read/write. When such a function is intercepted, the virus checks the file name extension and infects files that have a .COM or .VXD extension.
While infecting a DOS COM file, the virus moves a block of file code from the top to the file bottom, and writes its code to the file top. The host file code that is stored at the file bottom is written there in encrypted form.
A similar way is used while affecting VxD drivers, but the virus writes itself to the file middle at the address of a 16 bits VxD entry routine. The virus looks for the 16 bits entry in the VxD and infects only those that have such an entry. The virus then moves that routine to the file bottom and overwrites that address with its code.
On July 25th, and being run from an infected COM file, the virus decrypts and displays the following message:
Opera IX, Horned Beast/VADER
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
|