Trojan.Win32.Filecoder.a
Description Trojan.Win32.Filecoder.a
Filecoder is a trojan program that renames and encrypts files in subdirectories of local and network drives. It is written in Delphi and compressed with the UPX utility. The compressed size is 137 KB; the uncompressed size is 353 KB. This virus program is sent via e-mail, proclaiming itself to be "a very useful tool".

Installation

The program copies itself under the WINDOWS\system\NTFS.exe name and sets itself into the system registry auto-run key:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"FsystemTracer"="C:\WINDOWS\system\NTFS.exe"

Once this is done the program looks for the file with the name EXEADDED and executes it.

**Source name = the name of the host file.

Payloads

The program scans all files in all subdirectories except the directory and then alters them. It renames EXE files and writes itself under the original file name. The new name of the file contains the string:

"EXEADDED" + old file name

The program renames and encrypts the remaining files. It may also only rename files, without encrypting them. The new name of the file contains the string:

"FILEISENCODED" + old file name

The Filecoder program creates 50 different files with corrupted names in the directory named Common Desktop. These files contain Russian text.
Accept.3773
Description Accept.3773
This is a dangerous memory-resident, parasitic, encrypted virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. If the file is already infected, the virus searches for other executable files and infects them. The virus contains the internal text string:

COMMANDSCANCLEANNAVCPAVBOOTSAFEVSAFEIB MAVSHVGUARDVIRTESTVCAREDAILYDISKPART

It checks the file name before infection. If the name is COMMAND, SCAN, CLEAN, NAV, CPAV and so on, the virus does not infect that file. On December 20th and March 28th the virus corrupts the disk sectors. The virus also contains the internal text strings:

*.COM *.EXE 747 ME PERDI A ACCEPT, SOY UN PELOTUDO
ACDC.494
Description ACDC.494
This is a harmless memory-resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files (except COMMAND.COM) that are executed. The virus does not manifest itself in any way. It contains the internal text string: COMMAND