Virus Database


Win32.Highway

Description Win32.Highway

It is a harmless, non-memory-resident parasitic Windows virus. It searches for PE EXE files in the current and Windows directories, then writes itself to the end of each file. While infecting, the virus increases the size of the last file section to hold its code, patches the Import Table to get access to the necessary Windows functions, and modifies the program's startup address.
To run its infection procedure, the virus creates the HIGHWAY.DLL file in the Windows system directory, writes its code there and runs this file.
Under Win95/98 the virus procedure is activated only when an infected program starts. Under WinNT the virus installs itself into the system so that its DLL is activated each time any program starts. To do that the virus creates the registry key:
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

and sets it to "HIGHWAY.DLL". The effect is that after the next reboot, at each application initialization, the virus DLL is loaded into the application's address space, so whenever a program is executed the virus tries to infect each EXE file in the current directory and the Windows directory (thanks to Adrian Marinescu, GeCAD Software, who located this trick in the virus code).
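A defender can audit this autoload point by checking what the AppInit_DLLs value lists. The Python below is an added example, not part of the original description: it parses the text of a registry export (.reg format) and reports listed DLLs that are not on an allowlist. The function names, the sample export and the C:\Tools\shim.dll allowlist entry are constructed for illustration, and the HKEY_LOCAL_MACHINE hive is assumed because the page gives the key without one.

```python
import re

# Key named on the page; the suffix match also covers the Wow6432Node copy.
KEY_SUFFIX = r"\microsoft\windows nt\currentversion\windows"
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Return {key_path_lower: {value_name_lower: raw_data}} from .reg text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
        elif current is not None and (m := VALUE.match(line)):
            current[m.group(1).lower()] = m.group(2)
    return keys

def appinit_findings(text, allowed=()):
    """List (key, dll, loading_enabled) for AppInit_DLLs entries not in `allowed`."""
    allowed = {a.lower() for a in allowed}
    findings = []
    for key, values in parse_reg(text).items():
        if not (key.startswith("hkey_local_machine\\") and key.endswith(KEY_SUFFIX)):
            continue
        raw = values.get("appinit_dlls", '""')
        if len(raw) < 2 or raw[0] != '"' or raw[-1] != '"':
            continue  # not a plain string value; out of scope here
        data = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo .reg escaping
        # LoadAppInit_DLLs=0 switches loading off; None means the value is absent
        flag = values.get("loadappinit_dlls")
        enabled = None if flag is None else flag.lower() != "dword:00000000"
        # Windows reads the value as a list separated by spaces or commas
        for dll in filter(None, re.split(r"[ ,]+", data)):
            if dll.lower() not in allowed:
                findings.append((key, dll, enabled))
    return findings

# Constructed sample export, not taken from a real machine
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="HIGHWAY.DLL C:\\Tools\\shim.dll"
"LoadAppInit_DLLs"=dword:00000001
'''
```

Real exports written by regedit are UTF-16 encoded, so decode the file before passing its text to appinit_findings.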
The virus does not manifest itself in any way. Different versions of the virus contain the texts:
"Highway.a": Can a road be a prision?
"Highway.b": Ser a estrada uma pris?o?


Malaga.2385

Description Malaga.2385

This is a harmless memory-resident multipartite virus. It hooks INT 8, 13h, 21h and writes itself to the end of COM and EXE files, except COMMAND.COM. The virus also infects the boot sector of floppy disks as well as of the C: drive. It writes the original boot sector and the rest of the virus code to the last sectors of the drive.
The virus decrypts and displays the texts:
HB=ETA=ASESINOS
PENA DE MUERTE AL TERRORISMOKI
VIVA ESPA
It also contains the text:
*.EXE *.COM COMMAND.COM

Malatinec family

Description Malatinec family

These are dangerous parasitic encrypted viruses. They write themselves to the end of COM and EXE files.
"Malatinec.1554" is a non-memory-resident virus. It searches for COM and EXE files and infects them. "Malatinec.2367" is memory resident and hooks INT 21h. On the Load&Execute DOS call it searches for executable files and infects them. "Malatinec.3737" is also a memory-resident virus; it infects files that are executed.
While infecting, the viruses rename the file to:
"Malatinec.1554": FileName.M03
"Malatinec.2367": FileName.M04

then infect it and rename it back to its original name. The viruses do not infect the files:
"Malatinec.1554":
AVG AVP CLEAN GUARD IV NAV NOD SCAN TB VIRSTOP WEB HIEW

"Malatinec.2367":
ADINF AVG AVP CLEAN DRWEB F- FINDVIRU FV GUARD IBMAV IV
NAV NOD SCAN TB TOOLKIT VIRSTOP VIVERIFY WEB HIEW

"Malatinec.3737":
COMMAND AFD CHKDSK DOS4G HIEW KRNL SCANDISK WIN ADINF AIDS ANTI ASTA
AUTHOR AVAST AVG AVP AVSCAN BAIT CERT CLEAN CPAV CRC DRWEB F- FINDVIR FV86
FV386 GOAT GUARD IBMAV ICE IV MKS MSAV NAV NOD PAS QCV QMS SCAN TB TKUTIL
TOOLKIT V- VAC VDS VIR VIVERIFY VPCSCAN WEB

The viruses delete the files:
"Malatinec.1554":
ANTI-VIR.DAT AVP.CRC CHKLIST.CPS CHKLIST.MS IVB.NTZ SMARTCHK.CPS

"Malatinec.2367":
ANTI-VIR.DAT AVP.CRC CHKLIST.CPS CHKLIST.MS CHKLIST.TAV FINGERP.VVF
FSIZES.QCV IVB.NTZ NAV_._NO SMARTCHK.CPS _CHK.CHK

"Malatinec.3737":
ADINF-?-all. ANTI-VIR.DAT AVG.GRS AVP.CRC CHKLIST.CPS CHKLIST.MS
CHKLIST.TAV CRCHECK.TXT FINGERP.VVF FSIZES.QCV ICE_?.CRC IM.PRM IVB.NTZ
MSAV.CHK NAV_._NO NODEX_?.DAT SMARTCHK.CPS _CHK.CHK

The viruses also contain the text strings:
"Malatinec.1554":
Virus Malatinec v0.3
Note: this is evolutionary (beta) version only. Be Happy!
PATH=*.* COMEXEM03

"Malatinec.2367":
Virus Malatinec v.0..W_Nreated by Aladiah
Greet: all my friends in Slovakia; G722,E10,H723,H118 & all H4??
(sch.yr.95/96) & of coz i send a big fuck 2 big boxer V.M.
Note: this is last evolutionary ( ) version. Don't Worry! Watch out

"Malatinec.3737":
[Malatinec] by Aladiah (C) 4/97
+ ¥ m , w+ + y u &pount; k¡ g ? ?!

Depending on the system time, "Malatinec.3737" also displays one of the messages:
Ked sa budes dobre ucit, dcerenka, stanes sa manekynkou.
Don't dread! I'm friendly ghost :)
Critical Error - Use (MC) Hammer.
REALITY.SYS corrupted - reboot Universe ? [Y,n]
I'm INside. (what's about your heuristic?)
Memory failed. Use paper.
Attention. High voltage on keyboard!
Prosím Vás, Zastavte HZDS !

    Copyright © 2005 Virus-Database.com