Virus Database

VLAD family

Description VLAD family

These are memory resident parasitic encrypted viruses. They hooks INT 21h and write themselves to the end of COM and EXE files that are accessed. They delete the files ANTI-VIR.DAT, MSAV.CHK, CHKLIST.CPS, CHKLIST.MS. They contain the text strings:
"VLAD.1221": [VLAD virus] by VLAD! [VIP v0.01]
"VLAD.Antipode.737,802":
COMcomTBSCAN.EXE [Antipode 1.0] by Automag/VLAD
"VLAD.Antipode.1007,1087":
TBDRIVER COMcomTBSCAN.EXEPROT.EXE
[Antipode 2.0] co nm /nomem
"VLAD.August": [The Hot August Night Virus] by [The Lamer Tamers]
"VLAD.Daddy": [Incest Daddy] by VLAD - Brisbane, OZ
"VLAD.Dir": [VLAD-DIR] [Darkman/VLAD]
"VLAD.Idle": [DOS Idle] [Darkman/VLAD] DI
"VLAD.Insert.260": [Insert v 1.7] [Darkman/VLAD]
"VLAD.Insert.273": [Insert] [Darkman/VLAD]
"VLAD.Insert.292": [Insert v 2.0] [Darkman/29A]
"VLAD.Lazuli": [Lapis-Lazuli], Rhince/VLAD
"VLAD.MonAmi": [Mon ami la pendule] - Metabolis/VLAD
"VLAD.MonAmi.1085": [ Blue Sad v1.1 by Jimmy Sad at T.P.V.O ]
"VLAD.MonAmi.1098": [ Blue Sad v1.1 by Jimmy Sad at T.P.V.O ]
"VLAD.Monkeys": Monkeys out of Control
"VLAD.Neither": I love you P, always will
[neither here, nor there] Metabolis/VLAD
"VLAD.QMagick": Quantum Magick
"VLAD.Replicator": *.EXE [Replicator] [Darkman/VLAD]
"VLAD.Republic": Go the Republic! Fuck off Royal Family!
Qark/VLAD of the Republic of Australia

"VLAD.Daddy,Republic" are harmless ones. Depending on the system date "VLAD.August" erases the hard drive sectors.
VLAD.Antipode
During execution of TBSCAN.EXE anti-virus scanner that virus substitutes the file length on FindFirst/Next calls with zero value to disable TBAV heuristic scanning. While executing the TBSCAN and F-PROT programs the virus forses these scanner do not scan the system memory by hacking the command line, the virus adds the string "co nm" or "/nomem" to the command line.
VLAD.Arme
It is not a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed. Depending on the system time the virus appends to the end of the C:AUTOEXEC.BAT file the string:
@ECHO din mamma har paa sig arme stoevlar!

The virus also contains the text string:
Metabolis/VLAD

VLAD.Goodbye
It is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are accessed. The virus has a bug and while infecting EXE files it may corrupt them. The virus does not infect the files: TBSCAN.EXE, AVP.EXE, F-PROT.EXE, SCAN.EXE, DV.EXE, PROGMAN.EXE. To check file names and separate file formats (COM and EXE) the virus uses quite complex CRC algorithm. The virus contains the text strings:
Goodbye everyone!
Viruses were fun, but I've got other things I'd like to do
Qark/VLAD

VLAD.Idle
It is a harmless encrypted virus. It hooks INT 28h, and on such calls it searches for the file name that is being executed, and write itself to the end of the file.
VLAD.Insert
It is a harmless virus. It hooks INT 21h and intercepts DOS function CreateFile, then it writes itself to the beginning if newly created (copied) .COM files.
VLAD.KatyDid
It is not a dangerous memory resident encrypted parasitic stealth virus. It hooks INT 21h and writes itself to the end of .COM and .EXE files that are executed or closed. If a FOSSIL driver is installed, the virus also hooks INT 14h and in some cases calls some FOSSIL function (put the text strings to FOSSIL data buffer?). The virus contains the text string:
[KatyDid Tar] Nostradamus / NuKE
---------------------------------------------------
The joke of Interpol
&pount;100 reward by M5 for the person who can successfully
connect this Brisbane, Australia, based virus writing
group to the recent wave of viruses found in Britian's
economic community. If you have any information, send
it to frisk@isle.com, and it will be dealt with in the
manner of utmost confidentiality!
Constable Alan Solomon
New Scotland Yard, CCU

VLAD.Mummy.471
It is a harmless memory resident encrypted companion virus. It hooks INT 21h and while executing an .EXE files the virus creates the companion .COM file. The virus contains the text string:
[Mummy Incest] by VLAD of Brisbane. Breed baby breed!

VLAD.NoOne.1237
It is a harmless memory resident parasitic polymorphic virus. It hooks INT 21h and writes itself to the end of COM files that are executed. It contains the text string:
VLAD.NoOne.Mutate.0_01.1187 (c) July 1995 by NoOne the unknown VLAD-member

VLAD.Padania
It is a harmless memory resident parasitic stealth and polymorphic virus. It writes itself to the end of COM and EXE files. When an infected file is executed, the virus searches for COM files in the current directory and infects them. It then hooks INT 21h, stays resident and infect files that are accessed.
The virus checks the file name and does not infect the anti-viruses:
AV* (AVP, AVSCAN), TB* (TBAV,all), IV*, PR*, -V (AVP old name).

If several utilities are active, the virus disables its stealth routines, the list of these utilities looks as follows:
PKZIP, ARJ, UUENCODE, BACKUP, LHA, RAR, MODEM, SPEEDISK, DEFRAG,
MSBACKUP, CPBACKUP

When anti-virus programs are executed, the virus appends "do not test memory" command option, and cancels memory scanning:
anti-virus option
TBSCAN: CO NM
TBSETUP: RM
AVP: /M
F-PROT: /NOMEM /COMPAT
SCAN: /NOMEM
AVSCAN: /NM

As a result, these anti-viruses cannot to detect the virus in the system memory. To break this stealth ability it is necessary to rename anti-virus executable file to some other name.
The virus contains the text strings:
Padania Virus by Qark/VLAD
This virus is dedicated to all the people in Padania
(Northern Italy) who seek separation from Southern Italy
and to their party Lega Nord.
Questo virus e' dedicato agli abitanti della Padania, in cerca dell'
indipendenza dal sud italia, ed al loro movimento Lega Nord

VLAD.Prodigy.393
It is a harmless nonmemory resident parasitic virus. It searches for .COM files and writes itself to the end of the file. It contains the text strings:
[Prodigy] v3.0 by Metabolis/VLAD
"Feel the jungle vibe baby"
"In the jungle, In the jungle.."

VLAD.Sister.792
It is a harmless memory resident parasitic encrypted virus. It hooks INT 21h and writes itself to the end of EXE files that are accessed. It contains the text string:
[Incest Sister] by VLAD - Brisbane, OZ

VLAD.Systa.231
It is a harmless nonmemory resident parasitic virus. It searches for SYS files, then writes itself to the end of the file. The virus contains the text strings:
SySta by Qark/VLAD
*.sys

VLAD.Tasha
It is a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of .COM and .EXE files that are accessed. The EXE files are infected incorrectly, they halt the system being executed. In some cases the virus also hooks INT 14h (COM port), and on some calls (BBS login?) it displays the message:
XXXXXXXX xXXXXXx xXXXXXx XXX XX xXXXXXXx XX XX xXXXXXXx XXXXXXxx
xXx XXxxxXX XXxxxx XXXxxxXX XXxxxxXX XXxx xXX XXxxxxXX XX XXX
xXx XXxxxXX xxxxXX XXXxxxXX XXxxxxXX xXXXXx XXxxxXXX XXXXXX
xXx XX XX xXXXXXXx XX XX XX XXX xXx XX XX XXX xXX
Proudlyy Presentedd by Quantuum

It also contains the string:
[Tasha Yar] by Quantum / VLAD

Check other viruses! Be aware! Use Antiviral Software

Scitzo Family

Description Scitzo Family

These are dangerous memory resident parasitic polymorphic viruses. They hook INT 21h and write themselves to the end of COM and EXE files that are executed ot opened. While installing memory resident the viruses infect the C:DOSEDIT.COM file. While infecting a file they compare the file name with the string of the names of anti-virus utilities (three letters per name) and do not infect the files with the names from that string:
TBATBSF-PVSHMSATBCCPAVSAVIRSCACLETOO

Depending on the system timer the viruses append the text string to the files that are opened:
I feel a little scitzoall

The viruses also contain the strings:
C:DOSEDIT.COM
SCITZO - by "RED A", Lund, Sweden 1994

Different versions contain the strings:
"Scitzo.1285,1337": So, you've found this text?
"Scitzo.1264,1329": Fan, här går man...

Scorpio.1000

Description Scorpio.1000

It is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed or opened. It contains the text strings:
Plovdiv
Scorpio

Home