Virus Database

WinREG

Description WinREG

This is the first known virus infecting the Windows Registry database and registry files (.REG files). The idea of spreading is based on the fact that it is possible to execute a DOS Batch command from the Registry key, and that Batch command is the component of the same Registry key.
The virus itself is a single instruction in the format of Windows REG files. This instruction, when it is processed by the REGEDIT Windows utility, forces REGEDIT to import a new Registry key:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun
"virus command"
"Virus command" is a DOS batch command that looks for all *.REG files in the Windows system directory, and adds a virus registry command to them.
As a result, upon each Windows start-up, a "virus command" from the Registry Run key will look for REG files, and infects them. When an infected REG file is processed by REGEDIT, the virus instruction is copied to the Registry Run key.

Check other viruses! Be aware! Use Antiviral Software

Manowar.592

Description Manowar.592

It's a dangerous memory resident encrypted parasitic virus. On execution it copies itself into the memory at the address 9000:0000 without altering of MCB list, it will halt computer. The virus hooks INT 21h and writes itself at the end of COM- and EXE-files are accessed. It contains the internal text strings:
MANOWAR
(C)PK

Mantra.719

Description Mantra.719

It is a very dangerous nonmemory resident parasitic virus. It searches for .COM files, then writes itself to the end of the file. Depending on the system time the virus tries to erase the disk sectors and displays the message, but fails and halts PC. The message is:
************************
* VALENTINE *
* HAS ENTERED! *
************************
This is the VALENTINE virus, 1.0 by Black Mantra

Home