Win32.Idele.2108
Description Win32.Idele.2108
It is a memory resident encrypted parasitic Win32 virus. While infecting the virus uses entry-point-obscuring technology (EPO) and does not modify file entry procedure address, but patches program code with JMP_Virus instructions. When program is run, and affected code branch gets control, the virus code is activated.
The virus then runs a background "thread" and stays as a process of infected application. As a result the virus is per-process memory resident, and it is active till the moment infected application is terminated.
Working in background the virus scans all disk drives, looks for PE EXE files on there, and infects them. The infection routine has a bug and in some cases infected files are corrupted by the virus.
The virus does not manifest itself in any way. It contains the text string:
Idele virus version 1.9DoxtorL./[T.I]/Dec.Y2K'
Check other viruses! Be aware! Use Antiviral Software
Hue.482
Description Hue.482
It is a harmless memory resident parasitic virus. Being executed it searches for COM files of the current directory, then writes itself to the end of the file. Then it hooks INT 21h and writes itself to the end of COM files that are executed or opened. The virus does not manifest itself in any way. It contains the text strings:
Tu Hue
*.COM I am developing !!!
Huge.32767
Description Huge.32767
It is not a dangerous nonmemory resident encrypted parasitic virus. It searches for .COM files, then writes its actual code (about 850 bytes) to the beginning of the file and random data (32K) to the end of the file.
Depending on the system data the virus displays one of the messages:
What's the matter ? Running out of disk space lately ?
WARNING: This computer will self-destruct in 5 seconds
The virus also contains the text strings:
(c)Lx1991
Congratulations for disassembling Huge (c) 1991, by Lx.
|