Virus Database

Win32.Wanhope.1834

Description Win32.Wanhope.1834

Wanhope is a harmless non-resident parasitic Win32 virus that recursively searches for Win32 PE EXE files in the Windows directory, the Windows System directory and the upper level directories.
While infecting the virus writes itself to the end of the file.
The virus does not manifest itself in any way.
Wanhope has a bug and can corrupt files while infecting them. Corrupted files will perform illegal operations while starting.

Check other viruses! Be aware! Use Antiviral Software

DIW.386

Description DIW.386

These are non-memory resident parasitic viruses. They search for .COM-files, then write themselves to the end of the file. The viruses contain the following text string:
*.com

and:
"DIW.386": *.dbf
"DIW.389": *.exe
"DIW.512": *.dbf aidstest.* adinf.* *.txt *.doc
"DIW.565": *.dbf clip????.* ?link.* *.obj *.arf
"DIW.597": ELEFANT

"DIW.212,229,288" are harmless viruses, and they do not manifest themselves in any way.
"DIW.377", dating from 1999, halts the system. It also resets the active partition flag in the MBR of the hard drive.
"DIW.386,389" checks the system date and time, and if the day number is equal to month number, e.g, 9 September = 9/9, and if the hour counter is equal to the minutes counter, these viruses search for files, and delete them:
"DIW.386": *.BDF-files
"DIW.389": *.EXE-files

"DIW.393" displays:
DIW 1.0
*** MORNING STAR ***
Press any key to continue all

This virus also contains the text strings in Russian.
"DIW.428" changes the video palette registers. "DIW.480" "shakes" the screen. "DIW.488" changes the settings of the system timer.
"DIW.512,565" searches for files and deletes them from the following filenames:
"DIW.512": *.DBF AIDSTEST.* ADINF.* *.TXT *.DOC
"DIW.565": *.DBF CLIP????.* ?LINK.* *.OBJ *.ARF

"DIW.555" reboots the system or displays the messages in Russian. This virus also contains the following text string:
DIW 2.0

"DIW.597" "eats" the screen. "DIW.600" deletes files:
CHK*.* *.___
[NOTE: "___" not displayable ASCII chars]

On the 13th of any month, this virus deletes *.EXE-files, on November 28th, it corrupts MBR and displays the following message:
User PC - I N F E C T E D !
Call Lozinsky !
(c) VIRUSOFT Inc.

DJIFX.2372

Description DJIFX.2372

This is a very dangerous memory resident parasitic virus. It hooks INT 5, 9, 17, 1Ch, and 21h, and writes itself to the end of COM and EXE files that are executed, opened, renamed or accessed by a Get/Set File Attribute DOS call. Before and after infecting a file, the virus writes the data of a random size to the end of the file. The virus checks the file name, and does not infect these files:
DRWEB.EXE AIDSTEST.EXE COMMAND.COM

On Fridays, when Alt-Ctrl-Del keys are pressed, the virus displays the following message, and the text starting from "Phone:" is encrypted:
+------------------------------------------------+
¦ DJ[I]-FX, Ver. 0.53., (c) 1996 by ___ ¦
¦ Just call my name and I'll be backall ¦
¦ Password: (D&I) Enigma: (Phone: 1.6687.746498) ¦
+------------------------------------------------+

Depending on the system timer, the virus overwrites the files with a program instead of infecting them. That program displays the same message.
On Mondays, depending on the system timer, the virus plays the Yankee Doodle tune, the same as the "Yankee" viruses do.
While printing digits, the virus inverses them (0<->9, 1<->8,...). When the INT 5 (print screen) call is performed, the virus reboots the computer. The virus has bugs and may halt the system.

Home