Virus Database

Whale Family

Description Whale Family

These are dangerous memory-resident encrypted parasitic stealth viruses. They infect, in a standard way, COM, EXE and OVL files whenever they are started or closed.
This virus hooks and handles 16 functions of the 21h interrupt. This virus creates the file "C:FISH-#9.TBL," into which it writes the hard-disk MBR and the following phrase:
"FISH VIRUS #9 A Whale is no Fish! Mind her Mutant Fish and the hidden Fish
Eggs for they are damaging. The sixth Fish mutates only if Whale is in her
Cave".

From February 19th until March 10th, the virus hangs up the system, and displays the following string:
"THE WHALE IN SEARCH OF THE 8 FISH I AM '~knzyvo}' IN HAMBURG".

It is very difficult to analyze this virus, because all 9Kb of its code are full of program traps hampering a trace, disassembling and analysis the virus. If the virus listing is to be printed, you should check a dozen special programming methods (dynamic de/enciphering, dummies, use of conveyor, code cipher nesting and so on). As a file is infected, the encrypted virus body is written to it so as a decipher should check 30 variants. That is, you have to use 30 masks to find the virus in the file.
The virus also contains the strings: "THE WHALE", "5HS5IF", "5IF5HS". It hooks INT 9, 21h.

Check other viruses! Be aware! Use Antiviral Software

EasyRider.2108

Description EasyRider.2108

It is not a dangerous memory resident stealth parasitic virus. It hooks INT 8 (timer), traces and hook INT 21h and writes itself to the end of COM and EXE files that are accessed. The virus infects files on floppy disks and network drives only. The only file on local computer is infected - it is the COMMAND.COM file.
The virus disinfects the COMMAND.COM on opening a file with names A-DINF-*.* (stealth). The virus also switch off its stealth function when the files are executed:
NDD, SCANDISK, CHKDSK, PKZIP, ARJ, LHA

The INT 8 handler periodically "shakes" the screen.
The virus contains the text strings:
[21st Century man]
Easy Rider ,Ni+eM/|re

Eatrich.946

Description Eatrich.946

It is a dangerous memory resident encrypted parasitic virus. It copies itself to UMB memory, hooks INT 21h and writes itself to the end of EXE files that are executed. The virus does not infects the files *N386.* and *N286.*. The virus deletes the anti-virus databases: ANTI-VIR.DAT, CHKLIST.CPS, CHKLIST.MS. If the TBSCAN anti-virus is memory resident, the virus displays the message and reboots the computer:
TbDriver, TBAV TSR utilities driver (C) Copyright 1992-94 Thunderbyte BV.
ERROR!.

The virus also contains the text string:
Eat the Ritch virus by Sx (c) 1995 AeroSmith Rulze!

Home