Virus Database

Trojan.Win32.DesktopPuzzle

Description Trojan.Win32.DesktopPuzzle

Analysis: Alexey Podrezov, Data Fellows
This is a Trojan written in Delphi. The original filename is SLIDESCR.EXE. When executed under Windows 95, it blocks the task manager and opens a messagebox with the following text:
Slider 1.0
Oops, looks like somebody doesn't like you very much !
You have to finish this sliding tile puzzle before you
can continue whatever it is you're doing !
Use the cursor keys to move the pieces (black piece is
the empty one).

After 'OK' is pressed, the Trojan splits Windows desktop into several parts, mixes them and waits for the user to restore the original desktop by solving the sliding tile puzzle. It also swaps functions of cursor keys: 'Up' becomes 'Down', 'Left' becomes 'Right' and that makes solving the puzzle more difficult. There's no way to continue working with other Windows applications until you complete the puzzle. Under Windows NT the task manager is not blocked by the Trojan and the puzzle task could be killed.
If the Trojan is executed from a DOS session (full screen mode) the desktop data is not acquired correctly and the puzzle parts are blank. This happens because the desktop image is acquired by the Trojan before Windows switches from DOS screen to its desktop.

Check other viruses! Be aware! Use Antiviral Software

Anarchy.9594

Description Anarchy.9594

This is a benign polymorphic memory resident parasitic virus. It hooks INT 9, 21h, 28h and writes itself at the end of COM (except COMMAND.COM) and EXE files that are executed or closed. The header of the infected COM files contains the text strings:
JAN FAKOVSKIJ,USSR,1994
All infected files contain the not encrypted ID-string at their ends:
UNFORGIVON
On 48th infection the virus displays one of the messages (two of them are in Russian) and halts the system:
DIS IS DI END,
BEAUTIFUL FRIENDall
DIS IS DI END,
MY ONLY FRIEND-
DI END.
IT HURTS TO SET U FREE,
BUT U'LL NEVOR FOLLOW ME.
DI END-
OF LAUGHTER & SOFT LIES,
DI END OF NIGHTS...WE TIRED TO DIE...
DIS IS DI END
I WANNA DESTROY DA PASSORS-BY
'CAUSE I
WANNA BE,-
YEAH,- ANARCHY
On pressing [Alt]-[GreyMinus] the virus calls the trigger routine that emulates the file shell a'la Norton Commander and allows to copy, move, delete the files and subdirectories and so on. That routine displays the menu like this one:
3584000

Andreas.1107

Description Andreas.1107

This is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. The virus also searches for COM and EXE files in the current directory and infects them.
On the 19th of any month the virus also hooks INT 9 (keyboard) and on each key decrypts and displays the text "Andreas".

Home