Virus Database

WinNT.Tenta

Description WinNT.Tenta

It is not a dangerous nonmemory resident parasitic WinNT virus. It infects Windows32 executable files (PE - Portable Executable). While infecting a file the virus writes its code to the end of the first file section, moves other file section down by necessary offset, and modifies file header to get control when infected files are executed.
When the virus takes control, it scans WinNT KERNEL32 data to get addresses of necessary functions (file searching, reading, writing, e.t.c.). The virus then infects the C:WINDOWSWINHLP32.EXE file, if it exists, then the C:WINHLP32.EXE file, then the WINHLP32.EXE in Windows directory, then the MSVCRT20.DLL file in the Windows System directory, then searches for all files in the current directory and infects them. Next to infection the virus returns control to the host program. While infecting the virus uses the temporary C:WIN32SWP.SYS file.
Depending on its counter (once per 8 runs) the virus creates the C:TENTACLE.TXT file and writes the text to there:
I'm the Tentacle Virus!

then the virus modifies the system registry so that on opening any .GIF file the system will execute the Write utility that will open and show the C:TENTACLE.TXT file.

Check other viruses! Be aware! Use Antiviral Software

Shanghai.848

Description Shanghai.848

It is a dangerous memory resident parasitic virus. It hooks INT 21h and intercepts the DOS functions 36h, 3Bh. On these calls the virus searches for .COM files and writes itself to the end of the file. On December, 20th it displays the message:
ShangHai Railway Institute
[high ASCII chars, not properly displayable]

and erases the hard drive sectors. It also contains the text string:
*.COM

Shanghai_II.4077

Description Shanghai_II.4077

It is a very dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. On GetDiskSpace DOS calls (INT 21h AH=36h) virus searches for files and infects them. The virus also looks for files C:COMMAND.COM, C:DOSCOMMAND.COM and infects them. The virus checks file names and do not infect files with names that are finished with strings:
K3 PC 50 SM TM EA
FRAG COPY HINA V200 CDEX PLUS PROX CPAV ETUP TTTT IVER
MAIN INIT 0001 OUND S4GW WAR2 RIAN PC43 KE3D ORUN WPS

On March, June, September and December 13th the virus erases the hard drive sectors and displays the message:
Shanghai No.1 2.0 PRO
Super Virus , designed by Microvirus , 09-13-1996 !

Home

Viruses from A to Z
0-9 A B Ñ D E F G H I J
K L M N O P Q R S T
U V W X Y Z



Den Snedbenade Grodan Ab
Jk:s Mur-puts Handelsbolag
Jhs Elektriska
Dala Puts & LokalvÅrd
Tc Marketing

    Copyright © 2005 Virus-Database.com
© 2005 Virus-Database.com