Virus Database

Win95.Matrix.3597

Description Win95.Matrix.3597

This is a relatively harmless memory resident polymorphic parasitic Win9x virus. It stays in the Windows memory as a device driver (VxD) by switching from application mode to Windows kernel (Ring3->Ring0), hooks disk-file access functions, and infects PE executable files with EXE and SCR file-name extensions, and infects DOS COM files.
While infecting a PE EXE file, the virus encrypts itself and writes to the file end. The virus also patches the program's start-up code with a short routine that passes control to the main virus code.
While infecting DOS COM files, the virus writes, to the end of a file, a short routine that has no infection abilities, but just displays a message on July 7th:
Wake up, Neoall
The Matrix has you...
w9x.mATRiX

The virus also infects the C:WINDOWSWIN.COM file in the same way.
On April 6th, the virus modifies the system registry key:
HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
NoClose = 1

As the result of this key a user cannot switch off the computer.
The virus also deletes anti-virus data files: AVP.CRC, ANTI-VIR.DAT, IVB.NTZ, CHKLIST.MS.
The virus contains the following text strings:


where 'xxxxxxx' is the virus' "generation" number.

Check other viruses! Be aware! Use Antiviral Software

FNS_Monster.298

Description FNS_Monster.298

It is a harmless nonmemory resident parasitic virus. It searches for .COM files, then writes itself to the end of the file. The virus does not manifest itself in any way. It contains the text string:
F.N.S. Monster 2.0

FOG.AirRaid.1728

Description FOG.AirRaid.1728

This is a harmless memory resident parasitic polymorphic virus that uses FOG engine. It hooks INT 21h and writes itself to the end of COM files that are executed. It contains the text string:
Air Raid in the [Fog 1.0]

Home