Trojan.Telefoon
Description Trojan.Telefoon
When executed this trojan appends virus-like code to the end of C:RARA.EXE and C:RARA.OVR files if they exist. If there are no such files, they trojan looks for them in the directory that is pointed by "RA=" instruction in DOS Environment.
When "infected" files are executed, the trojan code hooks INT 21h, 60h and stays memory resident. It then monitors several blocks of system memory and looks for "TELEFOON" strings in there. If such string is found, the trojan patches some bytes in this b
While installing memory resident the trojan uses nonlegal tricks and in some cases crashes the system.
Check other viruses! Be aware! Use Antiviral Software
Srp Family
Description Srp Family
These are not dangerous nonmemory resident parasitic viruses. They search for .EXE files and write themselves to the end of the file. "Srp.2248" beeps after infection of the next file. While executing and infecting "Srp.2306" displays the messages:
This is SRP !!! (c)Copyright 1993,1994 Y&Y corp. Moscow
Successfully
SRX.2304
Description SRX.2304
It is a very dangerous memory resident parasitic virus. It hooks INT 21h and when files are created or executed, it searches for .COM and .EXE files and writes itself to the end of file. The virus has bugs and corrupts some files while infecting them. While infecting the virus also deletes the anti-virus data files CHKLIST.CPS and CHKLIST.MS.
On December 2nd it erases hard drive sectors, decrypts and displays the message:
25 WAYS TO PREVENT A VIRUS ATTACKall.
No.2 ALWAYS USE CONDOMS !!
No.25 SELL YOUR COMPUTER !
While installing memory resident from an infected EXE file the virus does not return control to the host program, but displays standard DOS error message "Bad command or file name" and returns to DOS. As a result infected EXE files do work only if the virus is already active in the system memory.
The virus contains the ID-string:
SRX
|