Virus Database

VBS.Rabbit.b

Description VBS.Rabbit.b

This is a virus written in Windows Script language, and it is the first known virus of this type, appearing in October 1998. This virus are quite simple - just over 10 commands. It just searches for other script files in the current directory and overwrites them.
The virus do this by using DOS shell commands "find-and-copy-over" and overwriting all *.VBS (Visual Basic Script) files in the current directory.
This virus has a minor bug: when it is executed by a browser, the virus infects all files in the browser's cache and copies them to the computer's Desktop (since the browser's default directory is the Desktop). When this happens, the computer's Desktop becomes filled with the icons of the infected scripts (the virus replicates like a rabbit, which explains the basis for it's name - "Rabbit").
On the 15th of any month, the virus creates an URL file with the "CB.URL" or "The CodeBreakers.URL" name (depending on the virus version), and writes the URL reference there: "http://www.codebreakers.org". The major virus versions then also run a browser with this URL. While this is occurring, the virus also displays the following Message Box:
VBSv v1.1
by Lord Natas/CodeBreakers
The virus also contains the comments:
VBSv Version 1.1 by Lord Natas/CodeBreakers
First Windows Scripting Virus

Check other viruses! Be aware! Use Antiviral Software

Rider.577

Description Rider.577

It is a dangerous nonmemory resident parasitic encrypted virus. It searches for COM files and writes itself to the end of the file. It deletes the files:
C:COMMAND.COM
C:DOSCOMMAND.COM
C:IO.SYS
C:MSDOS.SYS

It contains the text strings:
The iNFiLtRAtOR Virus by The Dark Rider from Norway-93
*.COM

RiftVilly family

Description RiftVilly family

These are harmless memory resident parasitic viruses. They hook INT 21h, and write themselves to the end of COM files. "RiftVilly.469" intercepts file access to DOS functions and infects COM files that are executed, opened or renamed; "RiftVilly.490" does the same with EXE files. "RiftVilly.480" intercepts a ChangeDir DOS function, and upon such calls, searches for .COM files in the current directory and infects them.
The viruses contain the following text strings:
"RiftVilly.469": Rift Villy v.3.4
"RiftVilly.480": Rift Villy v.3.1
"RiftVilly.490": Rift Villy v.4.0

Home

Viruses from A to Z
0-9 A B Ñ D E F G H I J
K L M N O P Q R S T
U V W X Y Z



Key Loger
Plumping Lip Gloss
Tableless Layout
Madagascar Calling Card
Calling Cards

    Copyright © 2005 Virus-Database.com
© 2005 Virus-Database.com