Win32.Kala
Description Win32.Kala
This is a dangerous, per-process memory resident parasitic encrypted Win32 virus. It runs its main infection routine as a thread and returns control to the host program. As a result, the virus then operates in the background and is active in the memory until the host program is terminated.
Upon being activated, the virus runs an endless loop, scans all files on all available drives and infects .EXE and .SCR files that are Win32 executable PE files. While infecting, the virus creates a new section at the end of the file, encrypts and writes itself to there.
The virus protects its code with an error-correction algorithm. In case the virus code is modified (patched, or the virus is under debugger), the virus overwrites all disk files with the text "never touch the kala-marai!" and then deletes files.
Check other viruses! Be aware! Use Antiviral Software
AntiWin Family
Description AntiWin Family
These are dangerous memory resident parasitic viruses. They hook INT 21h and write themselves to the end of EXE files that are executed. When some files are executed (WIN.COM from some Windows version?) the viruses delete the WINDOWSWIN.INI file. The viruses contain the text strings:
Anti-Win 1.0
(C) Zarathustra & Morgan
WINDOWSWIN.INI
Antiwin_II, family
Description Antiwin_II, family
These are dangerous memory resident parasitic encrypted viruses. They trace INT 21h, hook INT 9, 21h, 2Fh and write themselves to the end of .EXE files that are executed. The viruses check the file names and do not infect several anti-virus and utilities according to the following string (four bytes per name):
DRWEAIDSMSCAANTIAVP WEB SCANMSAVVSAFGUARADINKRNLDOSXWSWADSWAWIN3
The viruses use on-the-fly encryption/decryption by hooking INT 1 (tracing), so their code is encrypted in the memory as well as in the files. The viruses have bugs and in some cases halt the computer while infecting files.
In some cases the viruses change the symbols that are entered (INT 9). On Windows initialization call INT 2Fh AX=1605h the viruses depending on the system time display the message and halt the computer:
Use registered copies of MS Windows
The viruses also contain the text:
Greetings from MrStrange, Kiev T.G.Shevchenko University
>Antiwin<, (c) by MrStrange.
The master copy of these viruses also contain the text:
MrStrange hails you from Kiev! My first virus
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
Calling Cards
Phone Cards
Cash Advance Online
|