Walrus.482
Description Walrus.482
It is not a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed. The virus also intercepts several virus-ID ("Are you here?") INT 21h calls and seems to cancel their spreading.
Depending on the system date and time the virus displays one of the messages:
/* CHRiSTiAN iS A GooN */
/* JiREE HoSAN */
The virus also contains the text strings:
/* May 19th */
/* ANTi-VLAD CoDE */
/* WALRUS */
Check other viruses! Be aware! Use Antiviral Software
Macro.Word97.Apmrs
Description Macro.Word97.Apmrs
This is a polymorphic macro virus. It infects Word97 documents. It contains only one macro: AdvancedPolymorphicMacroReplicationSystem.
Macro.Word97.Argh
Description Macro.Word97.Argh
The virus code contains fifteen macros in one module "NewMacroses". The virus spreads on creating, opening, closing documents as well as on exiting Microsoft Word. On infecting the system the virus copies original NORMAL.DOT to user template directory with the WINDOT.DLL name, and infected NORMAL.DOT with the WININF.DLL name.
On selecting the ToolsMacro menu the virus checks the number of opened documents. If no documents are opened, the virus displays the message:
Microsoft is protecting your normal.dot from virus infection You can
only add macros to other documents
Otherwise the virus removes itself from normal template and on leaving the ToolsMacro dialog window reinfects it.
While infecting the virus with probability 2% displays the assistants balloon:
Help me
I'm not feeling very vell .. AAARGHH!!!
|