Virus Database


Win32.Miam.1696

Description Win32.Miam.1696

This is a dangerous parasitic Win32 virus that infects Win32 PE EXE files (Win32 applications). While infecting, the virus writes its code to the end of the file and patches the program entry routine with a short piece of code that passes control to the main virus body when an infected file is executed. The virus has bugs, and some files can be corrupted during infection.
When an infected file is run, the virus looks for Win32 EXE files in the current directory and infects them. The virus then locates NOTEPAD.EXE and CALC.EXE in the Windows directory and infects them too.
Next, the virus hooks the CreateFileA Windows API function and stays memory resident as a hidden sub-process of the host process (the infected application). The virus is therefore "per-process" memory resident and remains active only as long as the infected application is running. Whenever any file is opened, the virus searches for all .EXE files in the current directory and infects them.
Depending on the system time (when the infected program is run at 10:00 a.m.), the virus drops C:NEO.BMP, stores an image there and registers it as the Desktop wallpaper. The image shows text on a black background:
Wake Up Neo
[win32.Neo]
When the 1st virus generation (virus dropper) is run, it displays the following message:
Win32.Neo Virus by [TiPiaX/VDS]
Miam ! I love PE files ;)
Thus the virus is named "Miam".


Hymn.1962

Description Hymn.1962

This is a very dangerous encrypted memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files when they are executed, closed or renamed, or when their file attributes are changed.
When the day and month correspond in number (January 1st, February 2nd, and so on), this virus destroys part of the system information in the C: disk boot sector, then plays the former USSR national anthem, and decrypts and displays a picture.
When corrupting the boot sector, the virus zeroes the boot sector bytes that contain the number of bytes in a sector, the number of sectors in a cluster, the number of FAT copies, etc. - a total of 9 bytes. If the boot sector of a computer running MS-DOS is changed in this way, the computer can no longer boot from either the hard disk or the floppy drive. To restore the information, it is necessary to use special utilities.

Hymn.2144

Description Hymn.2144

This is a very dangerous encrypted memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files when they are executed, closed or renamed, or when their file attributes are changed.
When the day and month correspond in number (January 1st, February 2nd, and so on), this virus destroys part of the system information in the C: disk boot sector, then plays the former USSR national anthem, and decrypts and displays a picture.
When corrupting the boot sector, the virus zeroes the boot sector bytes that contain the number of bytes in a sector, the number of sectors in a cluster, the number of FAT copies, etc. - a total of 9 bytes. If the boot sector of a computer running MS-DOS is changed in this way, the computer can no longer boot from either the hard disk or the floppy drive. To restore the information, it is necessary to use special utilities.
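A defender-side check for the boot sector damage described in the two Hymn entries above, as an added example that is not part of the original page: it parses the BIOS Parameter Block of a boot sector and reports zeroed or implausible fields. The field offsets are the standard FAT12/16 layout and the sample sectors are constructed; the page does not say exactly which 9 bytes the virus clears.

```python
import struct

# Standard FAT12/16 BIOS Parameter Block fields: (name, offset, struct format).
BPB_FIELDS = [
    ("bytes_per_sector",    0x0B, "<H"),
    ("sectors_per_cluster", 0x0D, "<B"),
    ("reserved_sectors",    0x0E, "<H"),
    ("number_of_fats",      0x10, "<B"),
]

def parse_bpb(sector):
    """Decode the BPB fields that must be non-zero on a valid FAT volume."""
    return {n: struct.unpack_from(f, sector, o)[0] for n, o, f in BPB_FIELDS}

def check_bpb(sector):
    """Return a list of findings; an empty list means the BPB looks sane."""
    if len(sector) < 512:
        return ["short read: need a full 512-byte sector"]
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    bpb = parse_bpb(sector)
    findings += [f"{name} is zero" for name, value in bpb.items() if value == 0]
    bps, spc = bpb["bytes_per_sector"], bpb["sectors_per_cluster"]
    if bps and bps not in (512, 1024, 2048, 4096):
        findings.append(f"implausible bytes_per_sector: {bps}")
    if spc and spc & (spc - 1):
        findings.append(f"sectors_per_cluster not a power of two: {spc}")
    return findings

def make_sample_sector():
    """Constructed FAT16-style boot sector (not taken from a real disk)."""
    s = bytearray(512)
    s[0:3] = b"\xeb\x3c\x90"                  # jump over the BPB
    s[3:11] = b"MSDOS5.0"                     # OEM name
    # bytes/sector, sectors/cluster, reserved, FATs, root entries,
    # total sectors, media descriptor, sectors per FAT
    struct.pack_into("<HBHBHHBH", s, 0x0B, 512, 4, 1, 2, 512, 40000, 0xF8, 64)
    s[510:512] = b"\x55\xaa"
    return bytes(s)

def make_damaged_sector():
    """Constructed damage: the three fields the description names are zeroed."""
    s = bytearray(make_sample_sector())
    s[0x0B:0x0E] = bytes(3)                   # bytes/sector + sectors/cluster
    s[0x10] = 0                               # number of FAT copies
    return bytes(s)

if __name__ == "__main__":
    for label, sec in (("clean", make_sample_sector()), ("damaged", make_damaged_sector())):
        print(label, check_bpb(sec) or "OK")
```

To check a real volume, pass the first 512 bytes of a disk or partition image to `check_bpb`.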


    Copyright © 2005 Virus-Database.com