Virus Database

Win95.CIH-Killer.1373

Description Win95.CIH-Killer.1373

It is not a dangerous memory resident parasitic Win95 virus. It infects Windows executable files (PE EXE - Portable Executable), and writes itself to the end of files while infecting them. If a file is already infected by "Win95.CIH" infector, the "CIH-Killer" virus disinfects them, and then infects by its own copy. If an infected file is executed from 0:00am till 0:59am, the virus depending on the system time displays the message:
CIH Killer1.1
I'll kill CIH,but I'll live here,too!
Produce By SSJ. CCU. Taiwan 1999.

The virus code looks similar to "Win95.CIH" and uses same tricks to install virus code to the Windows memory. By patching system tables the virus switches itself from application mode to kernel driver (Ring3 -> Ring0), allocates a block of system memory, hooks IFS API and stays as a VxD driver. On opening PE EXE files the virus infects them by writing its code to the end of last file section. The virus then modifies necessary PE header fields.

Check other viruses! Be aware! Use Antiviral Software

Ng.695

Description Ng.695

These are harmless memory resident parasitic viruses. They hook INT 13h, 28h and on INT 28h calls search for COM files of the current directory and write themselves to the beginning of the file. They contain the encrypted text strings:
"Ng.695,706": New Generation v.2.1 (NG-2.1 Ukr) *.COM
"Ng.914": NG-2.2 Ukr *.COM
"Ng.1036": NG-2.3 Ukr

"Ng.695,706" also displays the message:
Bad command or file name

Nguyen.1740

Description Nguyen.1740

It is a dangerous memory resident parasitic virus. It hooks INT 1Ch, 21h and writes itself to the end of COM and EXE files. It contains the text string:
Hacker: NGUYEN HIEU VINH
22 / 1A Truong Quoc Dung
Phuong 10 Quan Phu Nhuan
Thanh Pho Ho Chi Minh
South of Viet Nam

Sometimes it overwrites the files with the text:
Don't use these softwares: ATV, VDW and LF to kill me!!!
Ngô Anh Vu, Pham Du Liêm, Trân Thanh Son, Duong Hông Tân
and Dang Hông Quang are too stupid. Trông giông nhu heo
Ha! Ha! These dogs can't touch me. I'm your great father
Press any key to exit and never use these softwares. Ha! Ha!

or decrypts and displays the message:
DBSoft-Doàn Thành Tú là 1 ke "trôm cap" software. He's a professional thiefall

Home

Viruses from A to Z
0-9 A B Ñ D E F G H I J
K L M N O P Q R S T
U V W X Y Z



Calling Cards
Fachanwalt Familienrecht
Calling Cards
Calling Cards
Veneziaketten

    Copyright © 2005 Virus-Database.com
© 2005 Virus-Database.com