VBS.Mcon.b
Description VBS.Mcon.b
This worm spreads via networks, scanning them for accessible IP addresses and copies itself to them.
Being activated, the worm copies itself into the Windows fonts directory using the name "ttfload.vbs", and modifies the system registry to execute this file upon each Windows start-up. If a file has been activated from a folder other than "Fonts" or "Startup," the worm displays a false system-error message:
ERROR
FILE I/O ERROR
If the worm has been activated from a "Fonts" folder (upon Windows start-up), it runs a spreading routine.
This routine scans local hard drives and network disks. In each folder, it creates a copy of the worm's file. The created-file name the worm generates is as follows: it obtains a random file name from the recent file list, appends to its name to more than a hundred spaces and then appends the extension ".vbs". Thus, the true file extension ".vbs" is hidden with a large number of spaces.
After disk scanning is finished, the worm begins scanning the network for accessible IP addresses. It checks randomly generated IP addresses, and if the address is accessible, it tries to copy itself there.
If the worm finds the directory-contained string "mirc" in the name, it creates a SCRIPT.INI file in there. The script program in this file is automatically executed upon MIRC start-up. This script scans the network in the same way as the worm does. If an accessible IP address is found, it sends a worm copy to that address.
Depending on a randomly generated number in one case in a thousand, the worm replaces a browser's start page to "http://www.zonelabs.com/".
Check other viruses! Be aware! Use Antiviral Software
Pottie.246
Description Pottie.246
It is not a dangerous nonmemory resident encrypted parasitic virus. It searches for .COM files, then writes itself to the end of the file. The virus uses incorrect anti-debugging trick and infected programs do not work on Pentium processor. The virus contains the text string:
[CONFUSION MELTDOWN] (c) Pottie Rottie, Sweden 1994*.com
Pow
Description Pow
It is a harmless memory resident boot virus. It hooks INT 13h and writes itself to the MBR of the hard drive and boot sector of floppy disks. The virus does not manifect itself in any way. It contains the text:
-Pow-
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Monaco Phone Cards
Song Lyrics And Mp3 Download
Menopause Symptom Treatment Venice
Phone Cards
Skylights
|