VBScript.777
Description VBScript.777
This is a very dangerous parasitic virus written in Windows Script language. When an infected script takes control, the virus searches for other scripts (.VBS files) and infects them in the current and Windows directories, then in the Windows directories:
ProfilesAll UsersDesktop
ProfilesAdministratorDesktop
Desktop
While infecting the virus shifts files down and writes its code to the beginning of the file. As a result the original contents of affected files is not damages. The virus detects already infected scripts by the "'VBSv777" identification string that is placed at the top of virus code.
On 2nd of each month from 9:00 till 10:00 if the virus is activated, it searches for all .DOC and .TXT files on the C: and D: drives and overwrites them with the picture:
_ _
|_| |_|
| | /^^^ | |
_| |_ (| %o% |) _| |_
| | | | _ (_---_) _ | | | |_
| | | | |' | _| |_ | `| | | | |
| | / | |
/ / /(. .) /
/ / / | . | /
/ / ||Y|| / /
\__/ || || \__/
() ()
|| ||
ooO Ooo
Greetings From CTRL-ALT-DEL /CB + AVM
- http://www.codebreakers.org -
The virus then displays the MessageBox:
Greetings From CTRL-ALT-DEL /CB + AVM
- http://www.codebreakers.org -
Check other viruses! Be aware! Use Antiviral Software
Macro.Word.Goggles
Description Macro.Word.Goggles
This is an encrypted macro virus. It contains only one macro AutoOpen, but on opening an infected file creates two new macros in global macros area (NORMAL.DOT) - Goggles and FileSave. Goggles macro is a copy of AutoOpen, FileSave macro contain just one instruction that calls infection routine in Goggles macros. The virus contains the text:
WordMacro.Goggles By Pyro [VBB]
Macro.Word.GoldFish
Description Macro.Word.GoldFish
This is an encrypted virus. It contains two macros: AutoOpen, AutoClose and infects on opening and closing. Depending on the system random counter it displays the dialog box with the texts:
GoldFish
I am the GoldFish,
I am hungry, feed me.
and waits when one of the words will be entered:
fishfood worms worm pryme core
|