Virus Database

Trojan.PSW.Phreaker

Description Trojan.PSW.Phreaker

This program belongs to the family of password stealing Trojans (PSW).
When run, the Trojan installs itself to the Windows system directory with the KERNEL32.EXE name and registers this file in the system registry auto-run section:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun kernel32 = kernel32.exe
The Trojan can also drop an additional DLL library KERN32.DLL. The Trojan then registers itself in the system as a hidden aplication (service), the Trojan process then is not visible in the task list.
When active in the system, the Trojan periodically sends e-mail messages to its host (hacker's e-mail address - this address also is optional). The message contains the following: computer information (owner, Internet address, etc); RAS and ICQ information; cached passwords (login name and password); as well as text strings that are entered by a user during a Windows session.
The Trojan can be managed by a special script (set of commands) that is placed on a Web page (i.e., this Trojan has "backdoor" ability), but this page is off.

Check other viruses! Be aware! Use Antiviral Software

Tchechen Family

Description Tchechen Family

These are very dangerous memory resident encrypted parasitic viruses. They hook INT 21h and write themselves to the end of COM and EXE files that are executed. They drop a trojan to the MBR of the hard drive, but often fail. While dropping that trojan, the viruses detect the Megatrends and the Award BIOSes, and disable the system virus alarm utility in these BIOSes. Being dropped the trojan after some days erases the disk sectors and displays the message:
"Tchechen.1909,1912,1919":
POLITICAL PRO$TITUTE$ OF THE WORLD, (UN)ITE !
IN REWARD FOR THE SCORCHED EARTH OF TCHECHNYA.
ENJOYIN' WAR BY TV YOU'RE GLAD -YOUR ASS IS SO FAR FROM.
WAIT, YOU'LL SEE THE REAL BLOOD SOON..RIGHT AT YOUR WINDOW
AND YOU WORTH IT !!!

The viruses also contain text strings:
"Tchechen.1909,1912,1919":
The Tchechen,(C)RUSSIAN BEAR,1995.
Megatrends
AWARD

Tchechen.3338-3604
These are polymorphic viruses. They trace INT 13h, 21h, hooks INT 22h, then return the control to the host program, wait for terminate call (INT 22), hook INT 21h and stay memory resident. The viruses write themselves to the end of COM and EXE files that are executed. The viruses checks the file name and do not infect the files: WE*.* AD*.* AI*.* CO*.* DR*.* AV*.* TB*.* CH*.*
Some of these viruses contain several bugs and may halt the system. The viruses overwrite the MBR of the hard drive with a trojan program that in 10 days erases the hard drive sectors and displays the message:
"Tchechen.3338,3370,3604":
HALF YEAR OF WAR HAS GONE. IT STILL DOES.
MASS MURDER WAS RECOGNIZED BY THE WORLD COMMUNITY.
ACCEPT MY CONGRATULATIONS ! ENJOY THE WORLD'S NEW ORDER !
THE TCHECHEN, v2.0 (C) RUSSIAN BEAR. 1995,JUNE

"Tchechen.3420,3436":
I`M WASTING TIME APPEALING TO YOU.
WASTE YOUR.^.TO RESTORE HD.
THE TCHECHEN v2.2 Web&BugsFix (C) RUSSIAN BEAR, 12.12.95

The viruses also contain text in Russian.

Tcp.407

Description Tcp.407

It is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of EXE files that are executed. The virus does not manifest itself in any way. It contains the text:
[Baby Bug, Tcp/29A]

Home