Virus Database

Win95.K32.1012

Description Win95.K32.1012

This is a benign memory resident parasitic virus. It infects the Windows95 system memory, and writes itself to the end of PE EXE files. On February 19th, it displays the following MessageBox:
nIgr0_lives_here!!!!
Virus K32 por nIgr0 all "Hazlo o no lo hagas pero no lo intentes"

When an infected file is executed, the virus scans the KERNEL32.DLL data, obtains necessary Windows functions addresses (CreateFile, SetFilePointer, ReadFile, WriteFile, CloseHandle, CreateProcessA, GetModuleHandleA, and GetProcAddress), copies itself into unused data in the Windows kernel and hooks CreateProcess function. To hook this function, the virus patches a Windows kernel with a Jmp_Virus instruction. While infecting a file, the virus increases the size of its last file section, and writes itself to there.

Check other viruses! Be aware! Use Antiviral Software

Haldeman.431

Description Haldeman.431

These are very dangerous nonmemory resident parasitic viruses. They search for all files of the current directory by using the mask "*.*", then write themselves to the end of the file as they are infecting COM files. As a result the non-COM files halt the system being executed, and data files may be corrupted. The viruses display the messages:
"Haldeman.431":
Fortisan et nostrum nomem miscebitur istis

"Haldeman.614":
We should change that a little bit. Johns point is exactly right.
The erosion here now is going to you and that is the thing that
we have to turn off at whatever cost. We have to turn it off at the
lowest cost we can, but at whatever cost it takes.

They also contain the text strings:
"Haldeman.431": Ovid Fortisan Virus Thespian
"Haldeman.614": Haldeman Virus eMpIrE-X

Halka Family

Description Halka Family

These are not dangerous (except "Halka.474") nonmemory resident parasitic viruses. "Halka.474,720" are encrypted ones. They search for the files and write themselves to the end of the file. "Halka.474" infects EXE files, other viruses infect .COM files.
"Halka.474" erases the disk sectors.
On December, 31th the viruses display the messages:
"Halka.720":
Este es el virus 786 Version 2.01
Encriptado variable
Echo por --> _¡X__ [_x_]/A.H.D. HALKA/. Industria Argentina
Quemen al muñeco del `94!

"Halka.1000":
Este es el virus 786 Version 1
Echo por --> _¡x__ [_x_]/A.H.D. HALKA/. Industria Argentina
Quemen al muñeco del `94!
OHH NO, ME HA DESCUBIERTO!!!

Some viruses contain the additional text strings:
"Halka.474":
Red October (C) >D.V< 1994
Catch if you can

"Halka.720":
MALDITO, ME HA DESENCRIPTADO!! :{{
Aqui no estoy! <|-)

Home