Virus Database

Worm.P2P.Bare.a

Description Worm.P2P.Bare.a

Bare is an Internet worm that spreads in the Kazaa, Morpheus, BearShare and eDonkey2000 peer-to-peer file exchange networks. The worm replicates by placing copies of itself in the shared folders used on the client machines comprising these networks.
The Bare worm is a Windows application (PE EXE file) 7.6KB in size, written in Visual Basic and compressed with the UPX utility (the decompressed size is about 25KB).
Bare does not manifest itself in any way.
The worm copies itself to P2P directories under the following names:
key generator.exe
crack.exe
patch.exe
serial.exe
full downloader.exe
Britney Spears.exe
Christina Aguilera.exe
Jennifer Lopez.exe
Pamela Anderson.exe
Claudia Schiffer.exe
nude.exe
xxx.exe
porno.exe
Windows 2000.exe
Kazaa.exe
MSN.exe
AOL.exe
ICQ.exe
mIRC.exe
hack.exe
backdoor remover.exe
password stealer.exe
Spiderman.exe
Harry Potter.exe
wallpaper.exe
screensaver.exe

Check other viruses! Be aware! Use Antiviral Software

DenZuk.a

Description DenZuk.a

These are dangerous viruses, 9 sectors long. They infect floppy disks Boot-sectors during access (INT 13h, ah=2,3,4,5). The viruses make no check when place their second parts on a disk, so they can destroy some information at the 40th track.
The viruses hook INT 9, 13h. On a warm reboot they display their name "Den Zuk" in big letters (graphics video mode). The viruses replace the label of the infected disk with "Y_C_1_E_R_P". They don't have a destructive function, but they are dangerous because of the possibility to erase information at the 40th track of the infected disk. The viruses contain the text: "Welcome to the C l u b --The HackerS-- Hackin' All The Time", "The HackerS".

DerWolf.2219

Description DerWolf.2219

This is a dangerous memory resident parasitic virus. It hooks INT 21h, and writes itself to the end of COM files (except COMMAND.COM) that are executed.
On the 14th of any month, the virus erases sectors on the D: drive, and displays the message:
Although two days ago,
And I have made a New Vir
Still you didn't listen
And thought it was nothing.
Nothing happens..Now THE WULF, under the shining sun
Shall proceed and make you run.
HeHeHe - said the poet.

The virus also has a routine that opens the C:COMMAND.COM file, scans it for the "Bad command or file" text and replaces it with the "[DER WOLF GERMANY]" text. This routine never gains control.
On the 11th of any month, the virus tries to spread itself through an mIRC channel. The virus creates its dropper file (LUCKY.COM) in the C:MIRC directory, and writes 15 instructions to the SCRIPT.INI mIRB script file that spread the virus to the mIRC channel and display messages. The virus has a bug here, and mIRC is not infected. In case the virus script is correctly written to the file, it actually sends a virus dropper to the channel and sends the following message there:
Lucky is back
LUCKY B.R.D 1994-99

The virus script also sends another message to the "virus" mIRC channel:
Yeah this is a New Production
From LUCKY & DER WOLF
Thx: Markus K, LEE & ALU, NEUROBASHER, EMPIRE, BoZo
and all other fine Vir Writers

It also sends a third message to channels:
Dear Christoper Pile thanks idee with your Smeg Patrol Service
there is the best that you wantall..Thanks for every all....
Listen to me..where is the Best Anti Vir Scanner...?
AVP is the best...F-Prot is the second...VSP are the third...
Sophos, Nav, Panda, Ikarus are all bad..has many bugs...
Vote AVP for the Best Anti Vir Scanner...

The virus also contains the text strings:
THE FIRST ARTAbnormal
program termination.
Please consult your Virscan Maker

Home