Virus Database

Win32.InvictusDLL.099

Description Win32.InvictusDLL.099

This is a Win32 application that is detected by this name, and is infected with virus using a special INVICTUS library. This library (Win32 DLL file) is intended to minimize a virus writer's work when creating Win32 viruses and worms.
The INVICTUS library contains several standard routines for infecting files, enumerating network resources (for further infection), using polymorphic encryption, and sending infected e-mail messages, etc.
The only thing the virus writer has to do is to use library functions correctly, and to add some special routines (like payload routines), because most of the viral functions are already implemented in the INVICTUS library.
This is the first known version of the library. It is about 4 Kb in length (packed with UPX), and about 14 Kb in an unpacked state.
The library contains the following copyright string:
"INVICTUS" LIBRARY 0.99 BY NBK
This version of the library contains only infecting routines.
When infecting files, the library sets the entry-point address of host applications to 0, so that Windows NT/2000/XP operating systems do not recognize them as valid Win32 applications, and will be unable to launch them. Windows 9x/ME don't check the integrity of files and will launch infected files, and the control flow is passed to the virus code.
The structure of an infected file appears as follows:
ã=====================-
ƒ infected ƒ <--- program entry point (at the
ƒ host file ƒ beginning of the infected file)
ƒ ƒ
ƒ---------------------ƒ
ƒƒPolymorphic code ƒƒ
ƒƒ ƒƒ
ƒƒINVICTUSDLL ƒƒ
ƒ+-------------------+ƒ
ƒƒvirus body ƒƒ
ƒ+-------------------+ƒ
ƒƒvirus body ƒƒ
ƒL--------------------ƒ
L=====================-

Check other viruses! Be aware! Use Antiviral Software

Itv.454

Description Itv.454

This is a relatively harmless, non memory-resident parasitic virus. It searches for COM files, and writes itself to the end of the file. It contains the text strings "PATH=*.COM" and:
(C) ITV85020203
On May 13th, the virus erases the system data in the first MCB block.

Itv.474

Description Itv.474

This is a relatively harmless, non memory-resident parasitic virus. It searches for COM files, and writes itself to the end of the file. It contains the text strings "PATH=*.COM" and:
(C) ITV85020203 1990.
On May 5th, September 16th, and November 13th, the virus displays the following:
Viva México!.

Home

Viruses from A to Z
0-9 A B Ñ D E F G H I J
K L M N O P Q R S T
U V W X Y Z



Rolf G. Persson FÖrvaltning Ab
Runar Anderssons StensÄtteri Aktiebolag
Talik, Christer
Torslanda BegravningsbyrÅ Ab
Toli StÄngsel & Montage Ab

    Copyright © 2005 Virus-Database.com
© 2005 Virus-Database.com