Virus Database

Win32.Weird

Description Win32.Weird

It is not a dangerous memory resident parasitic Win32 virus. It writes itself to the end of PE EXE files (Windows executable) by increasing last file section and modifying PE header fields. The virus copy in infected files consists of two parts. First part (starter) is a short routine (about one kilobyte of code and data), the second part is the main virus code (about 10Kb of size) encrypted with silly encryption loop.
When the infected file is executed, the starter takes control, decrypts the second part of virus code, drops it to Windows directory as a PE EXE file with random name and executes it. The main virus instance stays memory resident as a hidden Windows application, runs a low priority thread that periodically scans drives' directory trees, looks for PE EXE files and infects them.
The virus also affects the EXPLORER.EXE file. It copies it with the EXPLORER.E name, infects this copy and writes the [rename] instruction to the WININIT.INI file to replace original EXPLORER.EXE with infected copy on next Windows startup.
The virus has a backdoor ability. When it is active as a Windows application it opens Internet connection and waits for specific calls from there. The virus has a lite list of supported commands comparing to other known backdoors, but it allows to upload, download, execute and delete files on the infected machine from remote host.
The virus contains the "copyright" text:
#Coded by Weird#

Check other viruses! Be aware! Use Antiviral Software

Rch.1138

Description Rch.1138

This is a benign memory resident polymorphic parasitic virus. It hooks INT 9, 21h and writes itself to the end of COM and EXE files that are executed or opened. On May 20th the virus inserts the following text into the keyboard buffer (i.e. simulates user input):
"Just a joke,Don't mind!"---Rch

Rch.1217

Description Rch.1217

This is a benign memory resident polymorphic parasitic virus. It hooks INT 9, 21h and writes itself to the end of COM and EXE files that are executed or opened. The virus deletes the anti-virus data files CHKLIST.MS and SMARTCHK.CPS, if they exist. On May 20th the virus inserts the following text into the keyboard buffer (i.e. simulates user input):
"Just a joke,Don't mind!"---Rch

Home

Viruses from A to Z
0-9 A B Ñ D E F G H I J
K L M N O P Q R S T
U V W X Y Z



Pettersson, Bo
Ewert, Hampus Erik Christian
BÄrgningscenter I Östra Blekinge Ab
Mara Yoga Studio
Stinab, Serviceteamet I NorrkÖping Ab

    Copyright © 2005 Virus-Database.com
© 2005 Virus-Database.com