Virus Database

VBS.Monopoly

Description VBS.Monopoly

Another Melissa-like worm. It spreads through e-mail using MS Outlook client. The main difference between the two worms is this one is written in Visual Basic Script instead of MS Office macro-language. Most of its code is encrypted to make analysis more difficult.
The virus arrives to a computer as an e-mail message with an attached "MONOPOLY.VBS" file. When this file (containing VBScript) is executed, it creates an image file "MONOPOLY.JPG" in a temporary folder. It also creates another two files "MONOPOLY.WSH" and "MONOPOLY.VBE". The VBE file contains encrypted VBScript and executes with a WSH file.
When VBE is executing, it displays the message:
Bill Gates is guilty of monopoly. Here is the proof

Then it displays picture from the image file. The picture shows Bill Gates' face on a Monopoly game board.
The worm's spreading routine is very close to the routine of "Melissa" virus. Worm sends itself to every address from the Outlook address book. The message contains the attached file "MONOPOLY.VBS".
Subject:
Bill Gates joke
Text:
Bill Gates is guilty of monopoly. Here is the proof. :-)

Warm also sends another message to the following addresses:
monopoly@mixmail.com, monpooly@telebot.com, mooponly@ciudad.com.ar,
mloponoy@usa.net, yloponom@gnwmail.com

In this message, the worm sends a list of names and addresses from an Outlook address book, ICQ UIN files and information obtained in the Windows registry:
Registered user name and organization
Network computer name
DVD region
Country and area code
Language
Windows version
Internet Explorer start page
After all this, the worm modifies the system registry:
"HKEY_LOCAL_MACHINESoftwareOUTLOOK.Monopoly" = "True"

In this way, the worm marks a computer and will not send messages from this computer next time.


Demonstrations of the virus effects:


monopoly.jpg

Check other viruses! Be aware! Use Antiviral Software

Leproso.1221

Description Leproso.1221

It is a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the beginning of .COM files (except COMMAND.COM) are executed or opened. While infecting the virus creates a temporary file. Depending on the system date it displays the message:
Felicitaciones su máquina esta infectada por el virus LEPROSO creado por
J.P.G., hoy es mi cumpleaños y lo voy a festejar formateando su rígido!!!
Byeall(Vamos Ñull que con Diego somos campeones)
CopyRight (C) 1993 hasta 2000, J.P.G., Rosario, Argentina

and then halts PC. The virus also contains the text strings:
Diego_es.NOB
MOC.DNAMMOC

Leprosy Family

Description Leprosy Family

There are very dangerous nonmemory resident encrypted overwriting viruses. They overwrite .COM and .EXE files of directories of a current drive. Then the viruses display:
Program too big to fit in memory

and return to DOS when. The infected files cannot be disinfected. Some versions of these viruses erase FAT of the current drive. The viruses contain the text strings "*.EXE *.COM .." and
"Leprosy.BadBrains.554,570":
SKISM
Bad Brains

"Leprosy.562":
*------------------------------*
NIGHTCRAWLER VERSION 3.0
(C) SECTOR INFECTOR
*------------------------------*

"Leprosy.Busted.570,571,572":
Busted!
This is based on Leprosy-B. Thanx PCM2Busted, Strain A, version 1.0
By ¶§ÿÇ+@&_+¦+ (Psychogenius), September '91

"Leprosy.Sandra.535,573,579":
This Virus is dedicated to Sandra H., V0.02
Nazgûl

"Leprosy.585":
I'm sorry, Daveall but I'm afraid I can't do that!
Dedicated to the dudes at SHHS
The BOOT SECTOR Infector ...

"Leprosy.591":
Autopsy indicates the cause of
death was THE PLAGUE
Dedicated to the dudes at SHHS
VIVE LE SHE-MAN!

"Leprosy.595":
This program requires Microsoft Windows.
Legalize Graffitipainting!
Scribble 1.00 (c) 1992 VIRINC.

"Leprosy.600":
I'm sorry John McAfee (NOT!)...Secret Service Virus has arrived...
Dedicated to all virus makers!
By: Agent #13/Nuke Member
Killed by:

"Leprosy.625":
Why did he have to die?
---PLEASE!---
I miss him. He was my only true friend in the whole god-damned world!
Life sucks. IT ISN'T FAIR!

"Leprosy.647":
Oh, life. I apologize for this terrible thing.
It is time for a chance. I'm a person with a message.
Fratricide - Murders a brother.
-- By Cone -- be ready to see more

"Leprosy.664":
Betrayal is a sin, if it comes from another..
The Unforgiven / Immortal Riot
Dedicated to Ellie! - Lurve you!
Sweden 15/09/93

"Leprosy.666.a":
NEWS FLASH!! Your system has been infected with the
incurable decay of LEPROSY 1.00, a virus invented by
PCM2 in June of 1990. Good luck!

"Leprosy.666.b,c,h":
ATTENTION! Your computer has been afflicted with
the incurable decay that is the fate wrought by
Leprosy Strain B, a virus employing Cybernetic
Mutation Technology(tm) and invented by PCM2 08/90.

"Leprosy.666.d":
Program too big to fit in memory
NEWS FLASH!! Your system has been infected with the
incurable decay of LEPROSY 1.00, a virus invented by
PCM2 in June of 1990. Good luck!

"Leprosy.666.e":
Come to RMIT for your
Comm Eng. degree with a major in VIRUS
This is what you can do. HAHA!!

"Leprosy.666.i":
I have taken over your PC, and I have full control.
You can try to catch me, even try to stop me...
But I don't plan on leaving peacefully. Muhahaha!!
((This is the part where you say 'OH SHIT!'))

"Leprosy.666.j":
File allocation error.
The Roger-1 Virus has made you sick!
FUCK THOSE GOD DAMN NIGGERS!
Virus dedicated to Ken N. Hahaha!

"Leprosy.666.k":
ATTENTION! Your computer has been afflicted with
the incurable decay that is the fate wrought by
Leprosy Strain D, a virus employing Cybernetic
Mutation Technology(tm) and invented by PCM2 08/90.
W/ Mods By CopyFright Inc. 02/94

"Leprosy.666.o":
Hello all, I'm John Fag Mcafee and I wrote the
whale virus.. I would like to say all you out
there are just so stupid using my scan program
Since I even write viruses just to screw with you!!

"Leprosy.736":
The SILVER DOLLAR VIRUS v2.00f
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"Leprosy.808":
Skism Rythem Stack Virus-808. Smart Kids Into Sick Methods
Dont alter this code into your own strain, faggit.
HR/SSS NYCity, this is the fifth of many, many more....
You sissys.....

"Leprosy.814":
If You Think You Saw A Part Of Your Source Code In This
You're Probably Right! When Making This I Used Pieces
From Other Sources...heheh...What Can I Say? I'm A Pirate
At Heart! -Lithium Chloride

"Leprosy.907":
YAM 92 -Mind Riot Strain B- LiCl
The Mind Riot - Strain B
-LiCl -YAM '92
Howrya: Mr. M, Nap, N.S, S.M, Displ, Lov, Otto, A.B, K.P
Whatsup: RABID, SKISM, SAC, CPI, Etc, Etc.
Middle Finger To: McAffee

"Leprosy.Beavis":
HE-HE-HE-COOL, BEAVIS & BUTTHEAD

"Leprosy.Jas.792":
Error #107 - Packed Data file corrupt
-- THE STUMPINATOR VERSION 1.0 --
-- (C) SECTOR INFECTOR 1992 --
-- WRITTEN FOR J.G.C.- JAS! --
-- PROGRAMMED BY THE WEASEL --
Hoo-leee Sheep shit, eh?
It looks like your hard drive is
REALLY FUCKED, HUH????
TEE HEE! TEE HEE! TEE HEE! TEE HEE!

"Leprosy.Flood.999":
Virus: Northern Light Kind
Author: Delta-9-Tetrahydrocannabinol [FLooD]
Smoke out to all pot smokers/growers out there - Legalize
(c) -FLooD 1995-

"Leprosy.Merci.308":
Merci virus infected :

"Leprosy.YH.880":
This is a virus. Press (Y) to continue.. or (H) for help!
This is a virus goddamnit.. no /options needed to run!
I see.. you dont want enuff about viruses?
It will simply overwrite all your EXE-files in this dir with its own code!
No damage will be done, unless you accept it yourself!
Now releasing the virus... Thanks for pressing YES!
This virus created by Pottie Rottie, Sweden 1994 :)
Hiya..time to play dude!
If you press (Y) all sectors from drive C-Z will be overwritten!
If you press something else.. nothing will happen!
Dont make virus writing illegal! I dont wanna be unemployed :)

On Friday, 25th "Leprosy.1580" displays the message:
I'll be back...
HELLRAISER

and tries to format the HD sectors. It also contains the text strings:
*.EXE ARMOR Written by Dennis Yelle
-=PHALCON=-
Hellraiser/SKISM

"Leprosy.946" displays:
Error in Executable
I've never been able to ascertain its exact nature, but I'm certain of its
symptoms - dementia, paranoia, shizophrenia, hallucinations. The end result
is always death...The virus lives to reproduce - it seems to have no other
purpose...Once infected, the organism's central nervois system suffers a
complete breakdown, leading to death.
-- Silver Surfer #61
The Silver Surfer Virus - Lep-B variant - by

"Leprosy.946" displays a color picture. It also contains the texts:
The man who brought you
622, Skism One, Captian
Trips, and Sub-Zero now
shanks you again, with
his latest...
Skism 1992 - Virus
Get a late pass!
McAfee wrote Whale!!!!!!

"Leprosy.Echo.425" displays the message "Bad command or file name" and overwrites AUTOEXEC.BAT file with the strings:
ECHO OFF
CLS
ECHO Greetings from RigorMortis and SCP/NuKe,Oz!

"Leprosy.Lubec" contains the text:
LUBEC
Lubec II ,Microsoft MS-DOS 6062PTCH '93 .. (c) Microsoft.
.....zooooooottt.........

"Leprosy.Misery" displays:
Metal up your ass..
My friend of Misery...
Hearing only what you want to hear
and knowing only what you've heard
you you're smothered in tragedy
you're out to save the world

"Leprosy.Oss" displays:
I'm sorry, man ... but I'm afraid I can't do that!
Dedicated to the dudes at Dixons Oss
The BOOT SECTOR Infector ...

"Leprosy.Peace_SA.777" contains the string "COMMAND.COM *.com chklist.ms", it displays:
Peace, like racism is a two way thing,
Black and white must come
together if we all are going to win in the end..
- love from Ol' Jim Blue...
Let's have Peace in S.A. - from Ol' Jim Blue

"Leprosy.Riot.666" contains the strings:
That is not dead Which can eternal lie Yet with strange aeons Even death
may die LiVe AfteR DeATH...Do not waste your time Searching For those
wasted years! (c) 93/94 The Unforgiven/Immortal Riot Thanks to Raver and
Metal Militia/IR Maria K - Life is limited, love is forever... Open to
reality, forever in love... Program too big to fit in memory ***HUMAN
GREED*** The answer of all evil on earth! Do You Belive? Farwell!....

"Leprosy.Riot.808" contains the strings:
Metal Militia / Immortal Riot
...and Justice for all
Justice is lost
Justice is raped
Justice is gone
Pulling your strings
Seeking no truth
Winning is all
Find it so Grim
so true
so real

"Leprosy.Riot.808.c" contains the strings:
Skism Rythem Stack Virus-808. Smart Kids Into Sick Methods
Dont alter this code into your own strain, faggit.
HR/SSS NYCity, this is the fifth of many, many more....
You sissys.....

"Leprosy.Sector.827" contains the strings:
(C) Sector Infector 1992 - The WÉÆsêl will be BACK!
Attempts to read, and/or alter this code are prohibited
Now wasn't all that ANTI-VIRUS software really worth it?
NOT!! MUHAHAHAHAHAAA!!! ___THE WÉÆSêL!___

"Leprosy.Seneca": sometimes it erases the logical disk sectors. On November, 25th it displays:
HEY EVERYONE!!!
Its Seneca's B-Day! Let's Party!

It also displays other strings:
You shouldn't use your computer so much,
its bad for you and your computer.
FATAL ERROR -- EXE is Fucked!!!

"Leprosy.Smap.1306" contains/displays the strings:
ARRRRGGGGHHHHH! THIS IS A LITTLE DATA AREA!ARRRRGGGGHHHHH!
THIS IS A LITTLE DATA AREA!
ARRRRGGGGHHHHH! THIS IS A LITTLE DATA AREA! BUT THIS ONE IS BIG!
[SPAM] BY PAVA OF CDC
HEY... IT LOOKS LIKE YOU MIGHT HAVE A VIRUS! BETTER HURRY AND
BUY A NEW HARD DRIVE!
ERR... BLECH!

"Leprosy.Ultra.1306" contains/displays the strings:
Arrrrgggghhhhh! This is a little data area!Arrrrgggghhhhh!
This is a little data area! Arrrrgggghhhhh!
This is a little data area! But, this one isbig!
HuGZ aND KiSSeS, ToNYa!
...this is just the beginning, next time, we come in force!
HeLLo THeRe CoMPuTeR uSeR, WeLCoMe!
i HaVe BeeN iNVaDiNG YouR SySTeM, i ReaLLY HoPe You
DoNT MiND! i ReaLLy LiKe THe eNViRoNMeNT You HaVe FoR Me
QuiTe eaSiLy iNFeCTaBLe! You eND uSeR GeeKS WiLL NeVeR
WiN! JuST KeeP PLaYiNG WiTH YouR WiNDoWS aND SHuT uP!
THe aTTiTuDe aDJuSTeR, ViRuLeNT GRaFFiTi
NAME: uLTRa V, a KiCKaSS GuiTaR FRoM CaRViN!
BY: THE ATTITUDE ADJUSTER
ViRuLeNT GRaFFiTi, CLeVeLaND
GiMMie a GooD eNTRy iN VSuM, PaTTi, You BiTCH!
PiCK a SCaN STRiNG, JoHN, THe NeXT oNe ReaLLy MuTaTeS!
GReeTZ To SKiSM/PHaLCoN aND ViPeR!

Leprosy.1207
This virus overwrites .COM files of the current directory. It contains the text string "*.CoM" and displays the messages:
+--------+-----+-----+----+------+-------+
| IlDono | (C) | '93 | by | GROG | Italy |
+--------+-----+-----+----+------+-------+
* Il dono *
Era il periodo delle feste.
Ella e suo marito avevano
deciso di assistere a una
rappresentazione di Re Lear.
Era la prima volta che
uscivano insieme da mesi.
Durante il secondo atto uno
degli interpreti si senti' male.
Il direttore del teatro venne in
palcoscenico e chiese: "C'e' un
dottore in teatro?"
Il marito di lei si alzo' e
grido': "Io ho una laurea ad
honorem in teologia!"
Fu in quel momento che ella decise
di non regalargli niente per
* Natale. *

Leprosy.5120
This virus overwrites .EXE files of the current directory. Sometimes it launches the "Frodo" virus. "Leprosy.5120" also contains the text string:
Dedicated to_all^those-idiots_that have^been_wasting their-time_to^crack
this simply^encrypted_CRYPTO vir WHY^DO_YOU
BOTHER-AT_ALL!^Farewell-to_all^you

Leprosy.Sandra_II
It's a polymorphic virus. It searches for .COM and .EXE files and overwrites them. This virus contains the text strings:
SANDRA*.eXe *.cOm
This Virus is dedicated to Sandra H., V0.07
(c) Nazgûl

It also deletes the files:
ANTI-VIR.DAT
C:TBAVVIRSCAN.DAT
CHKLIST.CPS
C:CPAVCHKLIST.CPS
C:NAV_._NO
C:NOVIRCVR.CTS
C:NOVIPERF.DAT
C:TOOLKITFILES.LST
C:FSIZES.QCV
C:UNTOUCHUT.UT1
C:UNTOUCHUT.UT2
C:VS.VS

Home