Virus Database

Win32.Kenston.1895.a

Description Win32.Kenston.1895.a

It is not a dangerous nonmemory resident parasitic Win32 virus. It is encrypted with lite method (XOR-bytes loop). When an infected programs runs, the virus takes control, searches for PE EXE files in the subdirectory tree on the current disk, then writes itself to the end of the file: increases the size of last section, writes its code to there and modifies the entry point address. To get access to Windows file access function the virus scans Windows Kernel32 internal formats. To detect already infected files the virus saves the "a" stamp to the file's DOS stub header.
The most part of virus is compatible with all Win32 versions: Win32/95/NT, but the infection routine has a minor bug. Because of this bug the majority of infected files cannot be executed under WinNT.
The virus contains the text:
Boles and Manning are arrogant facists. They have no computer
sk1llz and KENSTON HIGH SCHOOL's computers are 0wn3d.
I AM BACK KOONS YOU MOTHERFUCKER dowN wiTh KenSTONall..
yOU tRIED tO rID yOUrSELf oF mE BefoREbUT fAILED
HAHAHAHAHAHAHAHAHAHAHAHAHAHAHA

The virus also contains the string that contains names of Windows functions used by the virus:
LoadLibraryA GetProcAddress FindFirstFileA FindNextFileA FindClose
SetFileAttributesA SetFileTime CreateFileA ReadFile WriteFile
SetFilePointer CloseHandle SetCurrentDirectoryA GetCurrentDirectoryA

Check other viruses! Be aware! Use Antiviral Software

Hafen.781

Description Hafen.781

These are not dangerous nonmemory resident parasitic viruses. They search for .EXE files of the subdirectory tree, and write themselves to the end of the file.
"Hafen.1640,1641,1689" contain the decrypted body of "Ambulance" virus, and infect .COM files with this sample (drop the virus). "Hafen.809" decrypts and displays the message:
Hafenstraße bleibt !

"Hafen.781" decrypts and prints to the printer the message:
Kilroy was here - (C) 1991, VDV.

"Hafen.818" creates the files with the random names, these files contain the text:
Hafenstraße bleibt !

"Hafen.1191" manifests itself with a moving picture:

Haharin

Description Haharin

It is a very dangerous memory resident boot virus. It hooks INT 13h and writes itself to the MBR of the hard drives and boot sector of floppy disks. Depending on its counter the virus erases disk sectors and displays the message:
Haharin is not dead !

Home

Viruses from A to Z
0-9 A B Ñ D E F G H I J
K L M N O P Q R S T
U V W X Y Z



Kuala Lumpur Apartments
Dubai Holiday Villas
Economical News
Shared Hosting
Nintendo Wii Fit

    Copyright © 2005 Virus-Database.com
© 2005 Virus-Database.com