Trojan.IRC-Hack
Description Trojan.IRC-Hack
This Trojan horse is a self-extracting package that installs a program to attack IRC clients. The Trojan then installs to the system the Serv-U FTP server in a configuration that shares a C: drive on the victim PC for full access. The Trojan also registers a Serv-U FTP server in the WIN.INI file in the auto-run section.
Because of a bug, the Trojan works only when Windows is installed in the C:WINDOWS directory. The Trojan also does not work under WinNT and Win2000.
To remove the FTP server from the computer, it is necessary to remove the "load=closew" from the [windows] section in the WIN.INI file and to delete the files:
AJOUT.INI
CLOSEW.BAT
INSTLL.BAT
RUNDLLS.EXE
SERV-U.INI
Check other viruses! Be aware! Use Antiviral Software
Rubbit.734
Description Rubbit.734
This is a benign memory resident parasitic virus. It searches for original address of INT 21h handler in DOS area, hooks INT 21h and writes itself to the end of the files. While installing its TSR copy the virus copies itself to the address 9000:0106 and do not fix MCB list, that can halt the system.
The virus infects COM files that are executed or loaded as overlay. While infecting they rename the file to "RUBBIT.$$$", infect it and then rename back to original name.
These viruses also contain the texts:
:RUBBIT.$$$
Rubix family
Description Rubix family
These are dangerous nonmemory resident encrypted viruses. They search for .COM files in the current directory, then overwrite them. The viruses have several blocks of code and data, these blocks are encrypted/decrypted on-the-fly when viruses are run. The viruses contain the text strings:
*.COM
Well, this is a new overwriting virus. K00l, huh? Not really.
But it encrypts different sections of itself during executioner,
and that's neat.
Coder: Executioner
|