Win95.Begemot
Description Win95.Begemot
This is a dangerous memory resident parasitic polymorphic Windows virus about 8Kb in length. The virus installs itself into Windows memory and infects PE EXE files that are accessed. The virus uses system calls that are valid under Win95/98 only, and can't spread under NT. The virus also has bugs, and often halts the system when run.

The virus uses several unusual routines in its code: it keeps its code encrypted and compressed in infected files (while installing, it decompresses it); infects RAR archives (adds an infected BEER.EXE file to archives); runs a thread that can communicate with an external module, which controls the virus (for example, enables/disables the infection routine).

The virus also looks for "AVP Monitor" and "Amon Antivirus Monitor" windows, and closes them; deletes several anti-virus data files; and depending on the system timer, displays a message.

The virus also contains the "copyright" text:

Virus Win98.BeGemot by Benny/29A
Highlander.477
Description Highlander.477
These are not dangerous memory resident parasitic viruses. They hook INT 21h and write themselves to the beginning of .COM files that are executed. Sometimes they display the message: Highlander 1 RULES!
Hiperion.154
Description Hiperion.154
These are harmless memory resident parasitic viruses. When an infected file is executed, the viruses copy themselves into the DOS data area at address 0060:0000 and hook INT 21h. Then they write themselves to the end of .COM files that are executed or loaded as overlays. "Hiperion.249" contains the text string "C:COMMAND.COM" and infects this file while installing into memory.