Virus Database

Trojan.Win16.BuggyShell

Description Trojan.Win16.BuggyShell

This program is not a real trojan, but an utility that works like a trojan because of a bug. This utility intends to replace Windows SHELL with another application by patching the "Shell=" instruction in the SYSTEM.INI file in the [boot] section. Because of a bug this routine does work only on COMPAQ computers and corrupts the SYSTEM.INI file under any other environment: the "Shell=" instruction in this case points to nothing. When Windows reboots with corrupted SYSTEM.INI it is not able to locate the Shell and halts, for instance in case of Win95 it displays the error message:
Error loading.
You must reinstall Windows.

To repair corrupted SYSTEM.INI it is necessary to load the computer in DOS mode and fix following data in the SYSTEM.INI file:
[boot]
shell=

Usually Shell points to EXPLORER.EXE in case of Win32 or to PROGMAN.EXE in case of Win3.xx.

Check other viruses! Be aware! Use Antiviral Software

Arianna.2864

Description Arianna.2864

This is a memory resident multipartite, encrypted and stealth virus. While executing an infected file it infects the MBR of the hard drive. While loading from infected MBR it hooks INT 1Ch, waits for DOS loading, then hooks INT 13h for stealth algorithm while accessing to infected MBR, and INT 21h to infects the files. It writes itself to the end of EXE files that are accessed. When an infected file is opened, the virus disinfects it.
Sometimes the viruses manifest themselves with a video effect and erase the original MBR sector (not first hard drive sector, but the sector containing the original MBR that was saved while infecting a disk). The viruses contain the text strings:
"ARIANNA VIRUS"HAS DONE A RECOVERABLE DAMAGE
GOOD LUCK FRIEND !!
+--------------------------------------------+
| ARIANNA is changing your computer activity |
| If you wish no damage do not turn it off |
| ThanX for diffusion ! |
+--------------------------------------------+
Coded in Bari thanX 2 DOS UNDOCUMENTED

Arianna.3076

Description Arianna.3076

This is a parasitic encrypted and stealth virus. While executing an infected file it infects the MBR of the hard drive. While loading from infected MBR it hooks INT 1Ch, waits for DOS loading, then hooks INT 13h for stealth algorithm while accessing to infected MBR, and INT 21h to infect the files. It writes themselves to the end of EXE and COM files that are accessed. When an infected file is opened, the virus disinfect it.
Sometimes the viruses manifest themselves with a video effect and erase the original MBR sector (not first hard drive sector, but the sector containing the original MBR that was saved while infecting a disk). The viruses contain the text strings:
Improved ARIANNA , waiting for ADVANCED 386
Bari @1995 by AV(ANTI)-VIRUS SYSTEM

Home