Virus Database

Trojan.AOL.Buddy.a

Description Trojan.AOL.Buddy.a

this text was written by Alexey Podrezov, Data Fellows Ltd
The "Trojan.Aol.Buddy" (also known as "PennyTools Trojan") is an AOL password stealing Trojan. Two versions are currently known (by May 1999). This Trojan uses a tricky way of installing itself to system. It uses 5 different ways at the same time to make disinfection more difficult:
1. Through Registry by modifying RUN key to launch C:COMMAND.EXE hidden file, which is the Trojan's body
2. Through SYSTEM.INI by adding a screensaver reference routine to C:WindowsSystemWINSAVER.EXE - the system will become infected when the screen saver starts.
3. Through WIN.INI - by adding to the execution of C:America Online 4.0BUDDYLIST.EXE hidden file to LOAD= string with more than 80 spaces in front of the line to hide it
4. Again through WIN.INI - by adding to the execution of a C:WindowsSystemNortonAntiVirREGISTRYREMINDER.EXE hidden file to RUN= string
5. Through the Windows start-up directory - by placing an AIM REMINDER.EXE file in the WindowsStart MenuProgramsStartup folder.
Also a DLL is created in the WindowsSystem folder with the name VCLCNTL.DLL, but it contains some text data for the Trojan, not DLL code. When Windows is started, the Trojan is also started (one of steps 1-5), and remains active during all Windows sessions. It sends a user's AOL login and password as an e-mail to or addresses (depending on the Trojan version).

Check other viruses! Be aware! Use Antiviral Software

BackTime.1234

Description BackTime.1234

This is a dangerous memory-resident virus. It hooks INT 8 (timer), and INT 21h and hits COM files by a standard way when they are executed.
This virus drops "Stoned.March6" boot virus.

BackTime.496

Description BackTime.496

This is a dangerous memory-resident virus. It hooks INT 8 (timer), and INT 21h and hits COM files by a standard way when they are executed.
This virus doesn't restore the registers when the INT 8 is called sometimes. It also contains the text "Joker".

Home