Trojan-Spy.HTML.Visafraud.a
Description Trojan-Spy.HTML.Visafraud.a
This Trojan using spoofing in order to steal confidential information from VISA users. It appears to be a HTML page. It arrives in a message which appears to be important information from VISA: The message contains a link which includes an exploit for the Internet Explorer Frame Spoofall
Check other viruses! Be aware! Use Antiviral Software
Rycho Family
Description Rycho Family
These are not dangerous parasitic viruses. They search for EXE files and writes themselves to the end of the file.
"Rycho.1024.a" and "Rycho.1536.a" are nonmemory resident viruses. "Rycho.1024.b" and "Rycho.1536.b" are memory resident ones, they hook INT 1Ch, 21h and search for .EXE files when any program is executed.
"Rycho.1024.b" changes the video fonts so that the characters stays invisible. "Rycho.1536.a,b" display the messages:
"Rycho.1536.a": A.N.F. WalczyallPunx not dead...!!! #VIR v1.41
"Rycho.1536.b":
+----> UWAGA - wirus `ASIULA` <---+
¦ Marry Christmas and Happy New ¦
¦ Year. Ha,Ha my friends. RYCHO G.¦
+---------------------------------+
Rycho.Babol.2048
It is a harmless memory resident parasitic virus. It hooks INT 13h, 21h.
While selecting new disk the virus searches for EXE files, and writes
itself to the end of the file. The virus contains several routines that are
never called. The virus contains the text strings:
(C) Dj.Babol
*Made in Poland *Greetings to M.Sell
*Beda z ciebie ludzie ..sie smiali!*.COM Äis safe!
You are death*Pozdrowienia dla w.wirusowcow!
*.EXE
RZ.160
Description RZ.160
It is a dangerous memory resident parasitic virus. Being executed it copies itself into the memory at the address 6000:0000 and does not fix MCB list, that can halt the computer). Then it hooks INT 21h and writes itself to the beginning of COM files that are executed. The infected files contain the word "RZ" at their beginning.
|