Virus Database


Win16.Klon.11776

Description Win16.Klon.11776

This is a non-dangerous, non-memory-resident parasitic Win16 virus.
The virus itself is a Win16 executable file (NE EXE file) about 11-13Kb in length (depending on the virus version). It is written in Turbo Pascal for Windows.
When the virus runs, it looks for Win16 and Win32 EXE files (NE and PE) on available drives and infects them. While infecting, the virus moves the victim file's body down and writes its own code to the beginning of the file. To return control to the host program, the virus "disinfects" the host file into a temporary ".DLL" file and spawns it.
While processing, the virus may also create its "droppers" (pure virus EXE code) in the Windows system directory. The file names depend on the virus version:
SYSTEM0.EXE, SYSTEM1.EXE, SYSTEM9.EXE ANTIA.EXE, ANTIB.EXE
Some virus versions also register these files in the auto-run section of the WIN.INI file:
[windows]
run=
Depending on their "generation" and other conditions, the viruses display the following message boxes:
klon!
Najemnik Virus Version 3.0
AntiAnti
One of the virus versions looks for active anti-virus programs by searching for the following strings:
viru
mks_
avp
antiviral
It then moves the matching application's window off the desktop and tries to terminate the application.
The viruses contain the following text strings:
"Klon.11776":
Idea:SaddamHusseinDiskValidator Amiga!
"Klon.12800,13056": AntiAntiVirus AAV AntiAntiVirus AAV
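
A defender can check a WIN.INI file for the auto-run registration described above. The following Python sketch is an added example, not part of the original description; it flags `run=` entries in the `[windows]` section whose file name matches one of the dropper names listed above. Matching on file name alone is an assumption made for illustration (an unrelated file could share a name), and the sample WIN.INI content is constructed.

```python
import ntpath
import re

# Dropper file names exactly as listed in the description above.
KLON_DROPPERS = {"SYSTEM0.EXE", "SYSTEM1.EXE", "SYSTEM9.EXE",
                 "ANTIA.EXE", "ANTIB.EXE"}


def run_entries(win_ini_text):
    """Return the programs listed under run= in the [windows] section."""
    entries = []
    section = None
    for raw in win_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:                                # new section starts
            section = header.group(1).strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section == "windows" and sep and key.strip().lower() == "run":
            # Assumption: entries are separated by spaces or commas and
            # use 8.3 names, so paths contain no embedded spaces.
            entries.extend(p for p in re.split(r"[\s,]+", value.strip()) if p)
    return entries


def find_klon_droppers(win_ini_text):
    """Return run= entries whose base name is a listed dropper name."""
    return [e for e in run_entries(win_ini_text)
            if ntpath.basename(e).upper() in KLON_DROPPERS]


# Constructed sample input, not taken from a real system.
SAMPLE_WIN_INI = """\
; constructed WIN.INI fragment
[windows]
run=C:\\WINDOWS\\SYSTEM\\ANTIA.EXE c:\\tools\\clock.exe system1.exe
[Desktop]
run=SYSTEM0.EXE
"""

if __name__ == "__main__":
    for hit in find_klon_droppers(SAMPLE_WIN_INI):
        print("suspicious run= entry:", hit)
```

The `run=` line under `[Desktop]` is ignored on purpose, because the description names only the `[windows]` section.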


Mef.1481

Description Mef.1481

These are harmless memory-resident encrypted parasitic viruses. They hook INT 21h and write themselves to the end of COM and EXE files that are executed or opened. The viruses check file names and do not infect the following files: AVG.*, ASTA*.*, STRO*.*, DPMI*.*, RTM.*, SCAN*.*.
The viruses use anti-debugger tricks. Under a debugger they switch to a search-and-infect routine that searches for COM and EXE files in the DOS or C:DOS directories and infects them.
The virus contains the internal text strings:
*.exe *.com dos
AVG.ASTASTRODPMIRTM.SCAN
COMEXE

Mefl.625

Description Mefl.625

These are harmless memory-resident parasitic viruses. They hook INT 21h and write themselves to the end of EXE files that are executed. The viruses do not manifest themselves in any way. They contain the following text in Cyrillic:
"Mefl.625": МЭФЛ
"Mefl.700": #1502 - МЭФЛ

    Copyright © 2005 Virus-Database.com