Virus Database

VBS.Rabbit.c

Description VBS.Rabbit.c

This is a virus written in Windows Script language, and it is the first known virus of this type, appearing in October 1998. This virus are quite simple - just over 10 commands. It just searches for other script files in the current directory and overwrites them.
It uses File System Object (FSO) to locate and infect files. Because of this way of infection, it also able to infect JS (Java Script) files as well as VBS files.
This virus has a minor bug: when it is executed by a browser, the virus infects all files in the browser's cache and copies them to the computer's Desktop (since the browser's default directory is the Desktop). When this happens, the computer's Desktop becomes filled with the icons of the infected scripts (the virus replicates like a rabbit, which explains the basis for it's name - "Rabbit").
On the 15th of any month, the virus creates an URL file with the "CB.URL" or "The CodeBreakers.URL" name (depending on the virus version), and writes the URL reference there: "http://www.codebreakers.org". The major virus versions then also run a browser with this URL. While this is occurring, the virus also displays the following Message Box:
VBSv v2.0
by Lord Natas/CodeBreakers
The virus also contains the comments:
VBSv Version 2.0 by Lord Natas/CodeBreakers
First Windows Scripting Virus

Check other viruses! Be aware! Use Antiviral Software

Accept.3619

Description Accept.3619

This is a dangerous memory resident parasitic encrypted virus. It hooks INT 21h and writes itself at the end of COM and EXE files that are executed. If the file is already infected, the virus searches for other executable files and hits them. The virus contains the internal text string:
COMMANDSCANCLEANVSHIELDNAVCPAVBOOTSAFE
It checks the file name before infection. If the name is COMMAND, SCAN, CLEAN, NAV, CPAV and so on, the virus does not hit that file. On December, 20th and March, 28th the virus corrupts the disk sectors. The virus also contains the internal text strings:
*.COM *.EXE
747
ME PERDI A ACCEPT, SOY UN PELOTUDO

Accept.3773

Description Accept.3773

This is a dangerous memory resident parasitic encrypted virus. It hooks INT 21h and writes itself at the end of COM and EXE files that are executed. If the file is already infected, the virus searches for other executable files and hits them. The virus contains the internal text string:
COMMANDSCANCLEANNAVCPAVBOOTSAFEVSAFEIB
MAVSHVGUARDVIRTESTVCAREDAILYDISKPART
It checks the file name before infection. If the name is COMMAND, SCAN, CLEAN, NAV, CPAV and so on, the virus does not hit that file. On December, 20th and March, 28th the virus corrupts the disk sectors. The virus also contains the internal text strings:
*.COM *.EXE
747
ME PERDI A ACCEPT, SOY UN PELOTUDO

Home