Virus Database

Win32.Younga.2384.a

Description Win32.Younga.2384.a

It is a dangerous per-process memory resident parasitic encrypted Win32 virus. When infected file starts the virus searches for .EXE and .SCR Win32 executable files in Windows directory and writes itself to the end of the file.
The virus then hooks CreateFileA function that is imported by host program, stays as "background" thread of infected process, and then infects files in directories where any file is being opened.
In six month after infection the virus searches for .TXT files in victim directory, looks for the text "Microsoft" in there and replaces it with "Youngary".
The virus contains the "copyright" text strings:
< Yonggary! by Bumblebee >

Check other viruses! Be aware! Use Antiviral Software

Drizzle.1600

Description Drizzle.1600

It is a dangerous memory resident parasitic virus. It hooks INT 16h, 21h and writes itself to the end of .COM files (except COMMAND.COM) that are executed. The virus runs a counter in the MBR of the hard drive and increases this counter on each installation into the memory and on each infection. When counter reaches 400h (1024) the virus corrupts the MBR code, and it will halt the system on next booting. When this counter reaches 256, the virus starts to change keys that are entered (INT 16h) and delays on any keystroke. The virus contains the only text string:
COMMAND.COM

DrJohn.2000

Description DrJohn.2000

It is not a dangerous memory resident parasitic virus. It writes itself to the end of COM and EXE files. When an infected file is executed, the virus infects the C:COMMAND.COM file, then hooks INT 13h, 21h and infects the files that are opened. Depending on the system date (one month after infecting) the virus displays the message in Russian. The virus also contains the text strings:
c:command.com
*Doctor John*!

Home