Win95.Ylang.1024
Description Win95.Ylang.1024
This is a dangerous, non memory-resident encrypted parasitic virus. It searches for PE EXE files in the subdirectory tree on the C: drive, then writes itself to the end of the file to the last file section, overwrites vthe ery end of the code section with a JMP_Virus routine, and sets a PE entry address to there. This infection method has a bug and corrupts some files while infecting them.
The virus contains the following text string:
Ylang.1024,v1.00b/DrL./[T.I]/Nov99
Check other viruses! Be aware! Use Antiviral Software
Bashar.670
Description Bashar.670
These are dangerous memory resident encrypted parasitic viruses, to decrypt themselves they use i387 instructions in decryption loops. They hook INT 21h and write themselves to the end of COM files that are executed. Because of a bug they may corrupt files while infecting them. The viruses contain the text string:
"[Bashar_Teg] by C.W. - 1997 (JAofM)"
Basilisk.1639
Description Basilisk.1639
It's a not dangerous memory resident parasitic polymorphic virus. It is a variant of the Eddie viruses. It hooks INT 21h, 27h and writes itself at the end of COM- and EXE-files. On execution of SCAN*.* program it types "Packed file is corrupt" and returns to DOS. It also contains the internal text strings:
Basilisk v1.0
(c) 1992 YAM/RABID International
The slave thinks he is released from bondage
only to find a stronger set of chains
|