Virus Database

TrojanDropper.Win32.Small.kv

Description TrojanDropper.Win32.Small.kv

This primitive Trojan is written in Assembler and is packed using FSG. The packed file is approximately 6KB in size, and the unpacked file is approximately 60KB in size.
When launching, it saves a file named eplrr9.dll (which contains Trojan.Win32.StartPage.nu) to the %System% directory. It then launches this file. TrojanDropper.Win32.Small.kv also registers eplrr9.dll in the system registry:
[HKLMSoftwareMicrosoftWindowsCurrentVersionShellServiceObject]
The Trojan does not manifest its presence in the system in any way.

Check other viruses! Be aware! Use Antiviral Software

TempVir.466

Description TempVir.466

It is a harmless nonmemory resident parasitic virus. It searches for COM files only in C:TEMP directory, then writes itself to the end of the file. The virus does not manifest itself in any way, it contains the text string:
C:TEMP*.COM

TenBytes.1411

Description TenBytes.1411

This is a dangerous, memory resident parasitic virus. It hooks INT 21h, and writes itself to the end of COM and EXE files that are loaded into the memory. While infecting COM files, the virus writes the 32-byte Jmp-Virus routine to the beginning of the file. In infected EXE files, there are two possible variants of the entry offset in the virus code.
The virus activates only when the interrupt handler contains the word FC80h (this condition is always met if INT 21h points in DOS to the original system handler). Then the virus patches the first five bytes of the INT 21h handler with JMP FAR Loc_Virus instruction, copies itself to the system memory at the address 9800:0000, and does not fix the MCB list. This might halt the computer. The virus also hooks INT 1 and 3, and disables the debugger.
Starting from September 1st, while writing to the disk (INT 21h,AH=40h), the virus changes the address of the data buffer, and as a result, corrupts the data that is saved on the disk.

Home