Virus Database

Warblade.1052

Description Warblade.1052

This is a benign non-memory resident encrypted parasitic virus. It searches for EXE files, then writes itself to the end of the file. On February 14th (Valentine's Day), the virus displays the following message and prints on the screen:
I loved you, I always loved you, but it was nothing but a waste of time.
May you burn in the Hell, if it really exists, my little slut,
or suffer what you made my fragile and tender heart suffer.
This should be the right Doom for each fucking cheater all......
if it was, it wouldn't be this one the Hell.
Ti amavo poiche' mi facevi tenerezza....adesso ti odio poiche' mi fai schifo
a proposito: Tanti Auguri, Valentina
ChEaPeXe v1.0
...by Wâr läDÉ/LT...

Check other viruses! Be aware! Use Antiviral Software

Bebe.486

Description Bebe.486

These are nonresident dangerous viruses. They affect .COM-files in the current directory. They increase the size of infected file up to a paragraph, copy themselves at the file end and alter its first 14 bytes (PUSH AX; all ; JMP FAR Loc_Virus ). The viruses have an error - doesn't restore DTA. This might result in hanging up the computer. There is one more delicate error: they doesn't take into account that INTEL 80x80 processor has a conveyer, and modifies the command following the current one, the result is that the viruses work only on old IBM PC models. Apart from the above text the viruses contain the string "*.COM".
The viruses are nonresident, but they create a small memory-resident program. With this purpose they copy a part of viruses' body to the interrupt vector table at the address 0000:01CE and sets INT 1Ch or INT 21h to this program.
"Bebe.486" hooks INT 21h and while writing into file (INT 21h, f.40h) it changes '+' to '-' and '-' to '+' in buffer is writing.
"Bebe.1004" hooks INT 1Ch (timer) and some time later displays the following message:
+-------- VIRUS ! ------+
ƒ Skagi "bebe" > ƒ
+-----------------------+

After the word "bebe" is typed in from the keyboard, the virus answers: "Fig Tebe !".

Beda.883

Description Beda.883

These are memory resident parasitic stealth viruses. They hook INT 21h and write themselves at the end of the files are executed or closed. On infected file opening the viruses disinfect it, and then hit again on closing. They use BEDAh hexadecimal value as virus ID word for infected files, and on detection of already loaded virus TSR copy.
"Beda.883,1301" hit COM-files only, "Beda.1530" hits both COM- and EXE-files, on infection of EXE-files that virus may corrupt them.
"Beda.883,1301" are not dangerous viruses, depending on their internal counters they manifest themselves with the video effect.
"Beda.1530" is dangerous virus. It deletes the anti-virus programs -V, WEB, AIDSTEST, A-DINF. It hooks INT 09h also, and depending on its internal counter it changes the keys are entered: '?', 'n' and 'N' to 'B', 'y' and 'Y'.

Home