WG.728
Description WG.728
It is a very dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of EXE files that are accessed by FindFirst/Next ASCII DOS functions. The virus does not infect the files:
AI*.* AD*.* WE*.* VD*.* VS*.* MS*.* HI*.*
Depending on the system timer the virus corrupts the data while writing to disk (INT 21h, AH=40h). The virus contains the text string:
WG02
Check other viruses! Be aware! Use Antiviral Software
Helga.666.a
Description Helga.666.a
These are dangerous nonmemory resident encrypted parasitic viruses. They search for COM files, then write themselves to the end of the file. Then the viruses delete the files by using the masks:
*._* *.ms
Depending on the system time the viruses display the messages and halt the computer. "Helga.666.a" displays the message in Russian. "Helga.666.b" displays:
WARNING: ALL DATA ON NON-REMOVABLE DISK
DRIVE C: WILL BE LOST!
Proced with Format (Y/N)?y
The viruses also contain the string:
*.com
"Helga.666.a" also contains the word:
Helga
Helicopter.777.a
Description Helicopter.777.a
It is not a dangerous memory resident parasitic virus. It hooks INT 10h, 21h and infects .COM files that are executed. While infecting the virus search for zero bytes are in the file body, and writes itself to there. If there is no such are, the virus does not infect the file. The file length does not grow while infecting.
When the video mode is changed to graphic mode 5 (INT 10h, AX=0005h), the virus draws an image of helicopter.
|