Virus Database

VBS.Rabbit.b

Description VBS.Rabbit.b

This is a virus written in Windows Script language, and it is the first known virus of this type, appearing in October 1998. This virus are quite simple - just over 10 commands. It just searches for other script files in the current directory and overwrites them.
The virus do this by using DOS shell commands "find-and-copy-over" and overwriting all *.VBS (Visual Basic Script) files in the current directory.
This virus has a minor bug: when it is executed by a browser, the virus infects all files in the browser's cache and copies them to the computer's Desktop (since the browser's default directory is the Desktop). When this happens, the computer's Desktop becomes filled with the icons of the infected scripts (the virus replicates like a rabbit, which explains the basis for it's name - "Rabbit").
On the 15th of any month, the virus creates an URL file with the "CB.URL" or "The CodeBreakers.URL" name (depending on the virus version), and writes the URL reference there: "http://www.codebreakers.org". The major virus versions then also run a browser with this URL. While this is occurring, the virus also displays the following Message Box:
VBSv v1.1
by Lord Natas/CodeBreakers
The virus also contains the comments:
VBSv Version 1.1 by Lord Natas/CodeBreakers
First Windows Scripting Virus

Check other viruses! Be aware! Use Antiviral Software

Holiday.3000

Description Holiday.3000

This is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. After infecting a file the virus tries to infect COMMAND.COM file of the current drive.
On March, 3th the virus displays the message:
+----------------------------------------------------------------+
ƒ ATTENTION! ƒ
ƒ I'm very sorry, today is my holiday. ƒ
ƒ So, I can't serve you, cause I want to play on your computers. ƒ
ƒ ƒ
ƒ DON'T TURN OFF YOUR COMPUTER UNTIL TOMORROW, ƒ
ƒ OR YOUR DATA WILL BE LOST!!! ƒ
ƒ ƒ
ƒ I'll be back to serve you tomorrow. ƒ
ƒ Thank You, ƒ
ƒ ƒ
ƒ AAA ƒ
+----------------------------------------------------------------+

And then wait for March, 4th. Then the viruses display the message and reboots computer:
Thank You for playing, see youall
Please, hit ENTER!
The virus also contains the text string:
apa saja

Holms.6161

Description Holms.6161

It is not a dangerous memory resident parasitic polymorphic virus. It hooks INT 8, 1Ch, 21h, 28h and writes itself to the end of COM and EXE files (except COMMAND.COM) that are executed or opened. On INT 8 and INT 28h calls depending on its counters and system conditions, the virus searches for the files and infects them. The virus contains the text strings:
PATH=COMMAND COMEXE*.*
Copyright 1989-1992. Version 1.05-NC for antivirus program debugging.
Holms.

When both Left/Right Shift keys are pressed, this virus plays a tune. Sometimes it performs a Control-Break call (INT 1Bh).

Home