Virus Database

Trojan-Downloader.VBS.Psyme.ap

Description Trojan-Downloader.VBS.Psyme.ap
This Trojan downloader exploits a vulnerability in Internet Explorer to launch other Trojan programs on the victim machine. The program is designed as an HTML page; when it is viewed, Visual Basic Script malicious code, approximately 3KB in size, will be executed. The Trojan then copies itself toall

Check other viruses! Be aware! Use Antiviral Software

Starship

Description Starship

This is a memory resident and not dangerous stealth polymorphic virus. It infects only newly created COM- and EXE-files on the A: and B: drives. The virus also infects MBR of the hard disk if an infected file is started. As a result of this policy the virus stays resident in memory and can be moved to other computers with the minimum of the infected objects. So it is more difficult to find the virus. There is one more reason to use such a policy: when only newly created files are infected there is no need to control the DOS fatal errors (INT 24h).
The virus infects files in a standard way using the polymorphic mechanism. To infect a disk the virus puts itself into the last sectors of it, replaces the active boot sector address in the Partition Table with its own starting address. During an access to MBR or to the last sectors the virus uses stealth mechanism.
The virus infects the memory during rebooting from an infected disk. It places some part of its TSR copy into the interrupt vectors table (0000:02C0) and into BIOS Data Area (0000:04B0); the main part of the code is placed into the video RAM (BB00:0050). When the operating system is loaded the virus looks for other programs. If some program has been swapped from the memory (Exit - INT 20h, INT 21h and ah=0 or 4Ch) the virus moves from the video RAM to the place of the program. If a program remains resident (Keep - INT 27h, INT 21 and ah= 31h) the virus "attaches" its code to the program body. The virus recovers its main part in the video RAM if this part has been corrupted, and does this from the disk.
Depending on the internal counters the virus "beeps" using Morse code and shows "stars" on the screen. It contains the string ">STARSHIP_1<". The virus hooks INT 13h, 20h, 21h, 27h.

Stasi.1728

Description Stasi.1728

It is a very dangerous nonmemory resident parasitic polymorphic virus. It searches for EXE files and writes itself to the end of the file. The virus contains the lists of the file names. The first list is:
(.ID ANTI-VIR.DAT C:TBAVVIRSCAN.DAT CHKLIST.CPS C:CPAVCHKLIST.CPS
C:NAV_._NO C:NOVIRCVR.CTS C:NOVIPERF.DAT C:TOOLKITFILES.LST
C:FSIZES.QCV C:UNTOUCHUT.UT1 C:UNTOUCHUT.UT2 C:VS.VS

and the virus deletes these files when they are executed. The virus does not infect the file if the file name contains the string from the second list:
F- FLU SCAN CLEAN TB TNT VIR

Sometimes this virus displays one of the messages:
Erich Mielke is still alive! Watch out for Stasi spys!
Ever heard of Markus Wolf? Stasi is watching you!

The virus writes to the Boot sectors the command that halts the computer while booting. The virus also contains the text string:
Stasi is watching you! Nice programming, eh? The Stasi virus is written by
the author of Vriest, 789 (aka Filehider) and Witcode. Black Axis

Home