Win32.Fosforo
Description Win32.Fosforo
This is a dangerous, non-memory resident parasitic Win32 virus. The virus uses a polymorphic engine and "Entry Point Obscuring" technology to hide its code in infected files.
When an infected file is run, and virus code gains control, it searches for PE EXE files in current, Windows and Windows system directories and infects them. While infecting, the virus encrypts itself with a polymorphic loop and writes result to the end of the file. To gain control when an infected file is run, the virus does not modify a program's start address, but writes a "JMP Virus" instruction into the file middle.
The virus has bugs, and infected files often become corrupted while infecting. When run, they cause a standard Windows message about an error in application. The virus also has a trigger routine that halts infected applications on July 12th.
The virus contains the following text string:
F0SF0R0 virus by N.B.K / MATRiX
Check other viruses! Be aware! Use Antiviral Software
Nazgul Family
Description Nazgul Family
These are harmless nonmemory resident parasitic viruses. They search for .COM files, then write themselves to the beginning of the file. The viruses contain the texts:
"Nazgul.209": *.COM
"Nazgul.266": *.COM Nazgûl
Nazgul_II.2366
Description Nazgul_II.2366
It is a very dangerous memory resident parasitic polymorphic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. It has several errors and other corrupts files while infecting them and halt the system. It contains the text string:
[Nazgul]
|