Virus Database

Trojan.Stdout

Description Trojan.Stdout

These programs are the result of the idea to write the DOS-virus of the smallest length. There are "Trivial" overwriting viruses that have very small size (the smallest ones are about 20 bytes). Different tricks are used in these viruses to decrease the length of the virus code, and in "Trojan.Stdout" that idea was carried to the point of absurdity.
These programs are rather trojans, than the viruses. They just write their code to the STDOUT (display by default) by using very few instructions:
MOV AX,BP or XCHG AX,BP ; while executing a COM file BP=091Ch,
MOV DX,SI ; and SI=0100h for majority of DOS versions
INT 21h ; the result values: AH=09h, DX=0100h
RET ; return to DOS

These programs may replicate themselves only being executed with the redirection parameter in the command line:
Infected.COM > SomeFile.COM

Being executed without parameters they just display the random data to the screen.

Check other viruses! Be aware! Use Antiviral Software

Neko.2697

Description Neko.2697

This is a memory resident parasitic polymorphic virus. It traces INT 13h and 21h, hooks INT 21h and writes itself to the end of EXE files that are executed. On Tuesdays it displays the following:
Dear Mrs.Grandy:
Aloha!
It is me,Neko again! This is the lastest version 2.0
Undoubtedly,I am not what I was.
Let me tell you something about my improvement.
I work with the Antilogic Engine I.
It is a new invention.So,
Showtime! Neko version 2.0
Made by Metal Satan

Nephew.2906

Description Nephew.2906

These are dangerous memory resident encrypted parasitic viruses. They hook INT 21h and write themselves to the end of COM and EXE files that are executed. The viruses delete the anti-virus data files: CHKLIST.MS, CHKLIST.CPS, ANTI-VIR.DAT, CHKLST.TAV, SMARTCHK.TAV. The viruses do not infect the files: HIEW, SAFE, SOS e.t.c. according to strings (four letters per name):
HIEWSAFESOS./WD.WARNCPAV
ADINANTIAIDSVIRUVIR.SCANRWEBLD.EGUARCLEA

The viruses also attempt to overwrite files from the second string (ANTI, AIDS, VIRU, VIR., SCAN, e.t.c.), but fail to do that because of a bug. They attempts to overwrite these files with a program that displays the message:
+--------------------------------------------------------------------+
| U N R E G I S T E R E D P R O G R A M ! |
+--------------------------------------------------------------------+
This version is NOT freeware, you MUST register it!
Call (+7-095)135-6253, 137-0150

The viruses scan DOS kernel, look for the DSKREET driver and patch its code with a call to virus routine. In this patch the virus sets some flags and depending on them writes some data to last disk directory sectors. It writes by using old style calls only and is able to do that only with disks with 32M or less disk space. The virus also uses
The virus also contains the text string:
(=) Big Nephew (=)

Home