Virus Database

TotalChaos.a

Description TotalChaos.a

This is a memory-resident boot virus. It infects floppy disks boot sector as well as hard drive MBR. The virus is encrypted and uses stealth routines. It is very dangerous: under debugger, it erases data on the hard drive. To read/write hard drive sectors, the virus uses direct calls to a hard drive controller instead of INT 13h calls.
The virus hooks INT 13h and 76h. The INT 13h hook is used by the virus to detect a debugger (see above), and INT 76h hooker runs stealth and infection routines.
The virus contains the following text strings:
TOT4L CHAOS - ABS0LUTE FREEDOM
666
=[T2/IR]=

Check other viruses! Be aware! Use Antiviral Software

CmosDead family

Description CmosDead family

These are very dangerous memory resident parasitic polymorphic and stealth viruses. They trace and hook INT 21h, stay memory resident and then write themselves to the end of COM and EXE files that are accessed. The viruses do not infect the anti-virus programs and several utilities:
AVG SYS SCAN CLEAN WIN TBAV PROT GUARD VS 286 386 DSK

When CHKDSK is run, the viruses disable their stealth routines. In some cases when listed above programs are executed, the viruses display the message and disable executing:
I don't like this program !

The viruses use anti-debug tricks. Under debugger they display the message and halt the computer:
BE CAREFUL !

Depending on their internal counters the viruses hook INT 9 (keyboard), corrupt the CMOS, display the message:
GRISOFT(c) SOFTWARE 1989,96

and manifest themselves with a video effect. If Ctrl-Alt-Del keys are pressed during effect, the viruses call disk formatting BIOS routine.
In some cases the viruses call the same effect routine, then they overwrite the MBR of the hard drive with a program that displays on booting:
CMOS-DEAD: DATA DESTROYED !

The viruses also contain the text string:
Hello Mr. Odehnal !

as well as:
"Odehnal.4792": EXECOM12/19/91
"Odehnal.5154": EXECOM06/12/95

CmosDeath

Description CmosDeath

It is a very dangerous memory resident boot virus. It hooks INT 13h and writes itself to the MBR of the hard drive, and boot sectors of the floppy disks. Depending on the system timer it erases the CMOS. The virus contains the text string:
CMOS Death

Home

Viruses from A to Z
0-9 A B Ñ D E F G H I J
K L M N O P Q R S T
U V W X Y Z



Surf Anonymous Today
Facebook Proxy Sites
Free Auto Traffic Exchanges
Roofing Austin
Rocio FÖretagsservice

    Copyright © 2005 Virus-Database.com
© 2005 Virus-Database.com