Vanitas.3712.a
Description Vanitas.3712.a
This is a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of EXE files that are accessed. The virus does not infect the files: EMM386, SCAN, F-PROT. While installing memory resident the virus also infects the C:WINDOWSCOMMAND.COM and C:COMMAND.COM files (they are of EXE format in DOS 7.x).
The virus has a bug and may halt the system while installing memory resident. On March 27th the virus manifests themselves by a video effect.
The virus contains the text strings:
VANITAS++ v2.0 GR(c)97 by ANAX.
[E-75] goes to Hell. Have a nice deathall
Check other viruses! Be aware! Use Antiviral Software
Serbu family
Description Serbu family
These are not dangerous memory resident encrypted parasitic viruses. They use several levels of anti-debugging tricks in installation routine as well as in interrupt handlers. They write themselves to the end of COM and EXE files that are executed or opened, as well as to the end of .GIF and .JPG files (!!).
When an infected file is executed, the virus decrypts itself by using INT 1 and INT 3 hooks, then allocates block of DOS memory, copies itself to there, traces INT 21h, 2F and hooks them. To hook INT 2Fh the virus patches the DOS kernel.
Depending on the system date the viruses display the rectangle:
XXXXXXXX
XXXXXXXX
"Serbu.3493" displays the text:
.. A_C_O: Dirgantara Jaya ..
The viruses also contain the text strings:
"Serbu.3493": R-SERBU-1 (c)09-16H Emhaka
"Serbu.3493": -SERBU-
Sesc.448
Description Sesc.448
It is not a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed. The end of each infected file contains the ID-word "SESC".
|