Virus Database

Win95.Boza.a

Description Win95.Boza.a

It is not a dangerous parasitic NewEXE (PE) virus. It searches for EXE files, checks the files for PE signature, then creates in EXE file new section named ".vlad", and writes its code into that section. This is the first known virus infecting PE EXE files (Win95).
While infecting a file that virus uses calls to functions GetDir, SetDir, FindFirst, FindNext, OpenFile, LSeek, Read, Write, and CloseFile. The virus does direct calls to KERNEL32 code without references to KERNEL32.DLL addresses, as it is described in Win32 SDK documentation. The virus checks the KERNEL32 code at the specific addresses, and then uses the direct calls to these addresses. If there is no such code in KERNEL32, the virus does not perform any action, and returns to the host program.
While searching for files, and infecting them the virus gets the current directory, searches for .EXE files, and checks them for PE signature. Then the virus increases NumberOfSections field in PE header, writes into the file new Section Header that describes new Section in the file, and writes itself to the end of the file.
While executing the virus infects up to 3 files. It looks for .EXE files in parent directories if there are no more .EXE files in the current one. Before return to the host program the virus restores the current directory.
The virus checks the system date, and on 31st displays the message box with the header:
Bizatch by Quantum / VLAD

and the message inside of the box:
The taste of fame just got tastier!
VLAD Australia does it again with the world's first Win95 Virus
From the old school to the new..
Metabolis
Qark
Darkman
Automag
Antigen
RhinceWind
Quantum
Absolute Overlord
CoKe

The virus also contains the text strings:
.vlad
Please note: the name of this virus is [Bizatch] written by Quantum of VLAD

The virus is not bugs-free, and in some cases Windows95 displays an error message during execution of infected EXE files.

Check other viruses! Be aware! Use Antiviral Software

Hdzz.566

Description Hdzz.566

It is a very dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of .COM files that are executed. On August, 1st it erases the disk sectors. The virus contains the text strings:
HDZZ
COMSPEC

Headache.269.a

Description Headache.269.a

These are harmless memory resident parasitic viruses. They hook INT 21h and write themselves to the end of .COM files that are closed. While infecting a file they use undocumented System File Tables.
"Headache.624" disinfect infected files, if they are opened. This virus contains the string:
Headache

Home