Trojan.Win32.SecondThought.c
Description Trojan.Win32.SecondThought.c
Trojan.Win32.SecondThought.c has two component parts. The first is written in Visual C++ and compressed using UPX. The compressed size is 24288 bytes, and the decompressed size is 48864 bytes.

Installation
When installing, the Trojan downloads a file from http://www.2n****ought.com/files/loader.exe, saves it as stcloader.exe in the Windows system directory, and registers the file under the following system registry key so that it runs automatically at startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Payload
Once installed, the Trojan launches stcloader.exe.

The second component part (stcloader.exe) is written in Visual C++ and compressed using UPX. The compressed size is 27648 bytes, and the decompressed size is 66048 bytes.

Installation
Stcloader.exe secretly installs itself in Program Files and registers itself in the system registry.

Payload
Stcloader.exe creates Second Thought.lnk on the Desktop with a link to itself, and Eliminate Pop-Ups with a link to http://www.ki****op-ups.com/block.php?ref=desktop. This causes advertising to be shown while the Internet is being used. The program collects information on which sites and resources interest the user, and sends this information to the creator of the virus. It also adds a Search tool bar to the browser.
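A triage check for the artifacts this entry names, as an added example that is not part of the original description: it looks for stcloader.exe in the Windows system directory, Run values that reference it, and the two Desktop items. The function name and output shape are assumptions, as are the WOW6432Node key and the extra directories checked; the Run value name and the Program Files path are not given in the description, so matching is on the file name only.

```powershell
# Added example: look for the artifacts listed in the description above.
# Find-SecondThoughtArtifacts is a hypothetical helper name.
function Find-SecondThoughtArtifacts {
    $findings = @()

    # 1. Loader saved as stcloader.exe in the Windows system directory.
    #    The directory differs by Windows version, so check the usual ones.
    foreach ($dir in 'System32', 'SysWOW64', 'System') {
        $path = Join-Path $env:windir (Join-Path $dir 'stcloader.exe')
        if (Test-Path -LiteralPath $path) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Detail = 'loader binary' }
        }
    }

    # 2. Auto-run registration. The value name is not documented, so match on
    #    the value data. The WOW6432Node view is an assumption for 64-bit hosts.
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($runKey in $runKeys) {
        $key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($data -match 'stcloader\.exe') {
                $findings += [pscustomobject]@{ Type = 'RunValue'; Location = "$runKey\$name"; Detail = $data }
            }
        }
    }

    # 3. Desktop items: Second Thought.lnk and the Eliminate Pop-Ups link
    #    (its extension is not given, hence the wildcard).
    $desktops = [Environment]::GetFolderPath('Desktop'),
                [Environment]::GetFolderPath('CommonDesktopDirectory')
    foreach ($desktop in ($desktops | Where-Object { $_ })) {
        foreach ($pattern in 'Second Thought.lnk', 'Eliminate Pop-Ups*') {
            Get-ChildItem -Path $desktop -Filter $pattern -ErrorAction SilentlyContinue |
                ForEach-Object {
                    $findings += [pscustomobject]@{ Type = 'Shortcut'; Location = $_.FullName; Detail = $pattern }
                }
        }
    }

    return $findings
}

Find-SecondThoughtArtifacts | Format-Table -AutoSize
```

An empty result only means these specific names were not found on the current profile and machine-wide locations; it does not cover the unnamed Program Files copy.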
Soulfly.2000
Description Soulfly.2000
These are very dangerous memory resident encrypted parasitic stealth viruses. They hook INT 21h and write themselves to the end of COM and EXE files that are accessed. While installing into DOS memory they also locate and infect the WIN.COM file in the Windows directory. When the utilities PKZIP.EXE, ARJ.EXE, LHA.EXE, RAR.EXE, BACKUP.EXE, or FTP.EXE are run, the viruses disable their stealth routines. When run under a debugger, the viruses erase data on the hard drive. On the 31st of the month, depending on the system time, they also erase the hard drive's data.

The viruses contain the text strings:

"Soulfly.2000":
SOULFLY, FLY FREE!
T-2000 / Immortal Riot

"Soulfly.2036":
Shaolin Kung-Fu, coming for yu!
Henry Ho - Master in Shaolin Kung-Fu, Sweden.
SoulManager.4838
Description SoulManager.4838
It is a harmless non-memory-resident polymorphic parasitic virus. It searches for .COM files in the current directory, then writes itself to the end of the file. The virus uses an extremely complex polymorphic engine, and it is expected that a lot of anti-virus programs will have problems detecting this virus. The "SoulManager" virus encrypts itself with several polymorphic loops; each loop has a lot of junk instructions, junk loops, calls to DOS functions (INT 21h) and anti-debugging tricks. This engine is one of the most complex known today.

The virus contains the text strings:

RTP 0.1b Demo Virus (c) 1998, The Soul Manager
Greetings Mr Kaspersky, we've been expecting you ;)
If you can see this text, you are reading AVPVE!
Red Team Polymorphy 0.1b - (c) 1997 The Soul Manager [IR/G]