Virus Database

Win95.Zombie.4584

Description Win95.Zombie.4584

It is not a dangerous nonmemory resident encrypted parasitic Win95 virus. Being executed the virus scans Win95 kernel and gets undocumented addresses of system file access function (see the list below). Then it searches for NewEXE Portable Executable (Win95 and NT) files in Windows directory, in C:, D:, E: and F: drives subdirectory tree and infects them.
While infecting the virus creates new section ".Z0MBiE" in PE header, writes its code to the end of the file and modifies address of Entry Point. The virus also aligns the file length to the section, so the file lengths grows more that Virus_Length bytes while infection. The virus infect some files incorrectly, Windows displays standard error message when these files are executed.
The virus also creates ZSETUP.EXE files on disks and writes to there "Zombie.VPI" DOS virus dropper.
The virus contains the text strings, a part of these strings are the names of system functions that are used during infection:
ExitProcess FindFirstFileA FindNextFileA CreateFileA SetFilePointer
ReadFile WriteFile CloseHandle GetCurrentDirectoryA SetCurrentDirectoryA
GetWindowsDirectoryA GetCommandLineA WinExec GetFileInformationByHandle
.Z0MBiE
Z0MBiE 1.01 (c) 1997
My 2nd virii for mustdie
Tnx to S.S.R.
SetUp.EXE

Check other viruses! Be aware! Use Antiviral Software

Maus.1888

Description Maus.1888

It is a very dangerous nonmemory resident virus. It searches for the COM and EXE files of the directories and writes itself to the beginning of COM, and to the end of EXE files. It also creates the file device driver and append the information about this driver into the CONFIG.SYS file. This driver being installed into the memory sometimes erases the keyboard buffer. In some cases the virus erases the disk sectors. It contains the text strings:
C: * NETWARE LMS MAUS MDB DOS BASE
*.exe *.com
C:CONFIG.SYS DEVICE =

Maverick family

Description Maverick family

These are very dangerous memory resident polymorphic parasitic viruses. They trace and hook INT 21h, then it write themselves to the end of COM and EXE files that are accessed.
Depending on the system date "Maverick.1536" erases the disk sectors. It contains the text string:
(c) ETERNAL MAVERICK. Kiev Computer Virus Club 1994.

If month number plus one is equal to day number (February 1st, March 2nd, all) "Maverick.2048" sets INT 4 (Overflow) to INT 13h, that may corrupt data on disk. If month number plus two is equal to day number, this virus displays the message and halts the computer:
+--------------------------------+
| +----------------------------+ |
| | LETS REST UNTIL TOMORROW ! | |
| +----------------------------+ |
| (c) ETERNAL MAVERICK 1995. |
+--------------------------------+
Press RESET to continue...

Maverick.3584
It is a dangerous memory resident polymorphic and stealth parasitic virus. It hooks INT 21h and writes itself to the end of COM, EXE, SYS and OVL files that are accessed. The virus does not infect files with names that contain the sub-strings: PRO, SCA, EXT, WEB, COM, WIN.
The virus searches in root directories of all available disks for files that have 6th symbol of name the same as disk letter, and deletes them.
The virus contains the text string:
Universe (c) Eternal Maverick

Home