TrojanDownloader.Win32.Ultimx.a
Description TrojanDownloader.Win32.Ultimx.a
Ultimx is a "downloader" trojan that downloads a given file from a site and then tries to copy it to computers accessible on the network. The trojan program itself is a Windows PE EXE file about 28KB in length (compressed by UPX; the unpacked file size is about 60KB), written in MS Visual C++.
When the trojan code is run, the trojan installs itself into the system. It copies itself to the Windows system directory and registers this copy in the system registry auto-run key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
rdvs = %worm file name%
The "worm file name" can vary.
Next, the trojan tries to download a file from the site at http://www.ultimxxx.net/exefiles and saves it under the name DIALER.EXE or DIALER123.EXE. After this, the trojan starts to scan the network. When it finds a computer that shares resources for general network use, it copies the following file to that computer:
DIALER123.exe
The files DIALER.EXE and DIALER123.EXE are a program that performs a call-back and establishes modem connections with private servers hosting pornographic content (see "not-a-virus:Pornodial.generic").
Lyby.612
Description Lyby.612
This is a non-dangerous, memory-resident parasitic virus. It hooks INT 21h and writes itself to the beginning of COM files that are executed. On Thursday the 1st it displays the picture: ? ? /|/|¦ ¦
The virus contains the text strings: Matrix V2.04 by LyByYy,COPYRIGHT (C) 1992
Lyceum Family
Description Lyceum Family
These are non-dangerous, memory-resident parasitic viruses. They hook INT 8, 9, 21h and write themselves to the end of COM and EXE files ("Lyceum.1975" infects COM files only). If no keys are pressed for a long time, these viruses display a message in Russian. "Lyceum.1832" contains the text:
Welcome to Lycee of Information Technologies !
"Lyceum.1888,1950" display:
+------------------------------------------------------------------+
¦                        You are welcome !                         ¦
¦ Moscow Institute of Radioengineering, Electronics and Automation ¦
¦                              Moscow                              ¦
¦                       Vernadsky Avenue 78                        ¦
¦                    Phone of MIREA: 433-00-66                     ¦
+------------------------------------------------------------------+
Depending on its internal counter, "Lyceum.703" creates the README.!!! file and writes a message in Russian to it. Depending on the current date, "Lyceum.944" encrypts the MBR of the hard drive.