Virus Database


Worm.P2P.Spear.a

Description Worm.P2P.Spear.a

Spear is an Internet worm that spreads in the Kazaa, Morpheus, BearShare and eDonkey2000 peer-to-peer (P2P) file exchange networks. It replicates by copying itself into the 'shared folders' used on all client machines comprising these networks.
The Spear worm is a Windows application (PE EXE file) about 40-70KB in size (depending on its version) and is written in Delphi. Some instances of this worm are compressed by the UPX file compression utility.
Spear does not manifest itself in any way.
The worm copies itself to P2P directories using the following names:
host_faker.exe
host_spoofer.exe
ip_spoofer.exe
ip_faker.exe
ident_spoofer.exe
ident_faker.exe
tripod_hacker.exe
tripod_cracker.exe
hotmailhacker.exe
hotmailcracker.exe
hotmail_account_sniffer.exe
aimhacker.exe
aimcracker.exe
icqhacker.exe
icqcracker.exe
msnhacker.exe
msncracker.exe
winxp_hacker.exe
winxp_cracker.exe
winxphack.exe
winxp_crack.exe
win2k_serial.exe
yahoo_cracker.exe
yahoo_hacker.exe
divx_fix.exe
divx_repair.exe
ftp_hacker.exe
ftp_cracker.exe
porn_account_hacker.exe
porn_account_cracker.exe
catherine_zeta_jones_nude.exe
catherine_zeta_jones_naked.exe
catherine_zeta_jones_anal.exe
pamela_anderson_anal.exe
pamela_anderson_nude.exe
pamela_anderson_naked.exe
buttman.exe
sarah_michelle_gellar_nude.exe
sarah_michelle_gellar_naked.exe
sandra_bullock_nude.exe
sandra_bullock_naked.exe
anastasia_anal.exe
anastasia_naked.exe
anastasia_nude.exe
shakira_anal.exe
shakira_assfucked.exe
shakira_naked.exe
shakira_nude.exe
shakira_paparazzi_collection.exe
XP_keygen.exe
PS2_emulator_bleem.exe
xbox_emulator_beta.exe
linux_root.exe
win2k_pass_decryptor.exe
Win2k_reboot_exploit.exe
IIS_shellbind_exploit.exe
AdvZip Recovery.exe
AIM Pass stealer.exe
AMI BIOS Cracker.exe
Counter Strike_CD_Keygen.exe
Delphi 5 Keygen.exe
Delphi 6 Keygen.exe
Half_life Cd keygen.exe
Hotmail Hacker.exe
ICQ_Hackingtools.exe
invisible_IP.exe
kazaa.exe
edonkey_serverlist.exe
kmd151_en.exe
Linux_rootaccess.exe
msn_IP_finder.exe
Office key Gen.exe
Autocad 2002 Crack.exe
OfficeXP_Keygen.exe
Office XP Crack.exe
PS1 BootCD.exe
PS2 BootCD.exe
XP_Box_emulator.exe
Sub7_masterpwd.exe
Windows_Keygen_allver.exe
WinXP_Keygen.exe
Winzip_Pass_Cracker.exe
Word_Pass_Cracker.exe
XP DVD Plugin.exe
XP ScreenSaver.exe
Yahoo_mail_cracker.exe
Pokemon.exe
Digimon.exe
exegen.exe


Ksenia.3599

Description Ksenia.3599

This is a dangerous memory resident polymorphic and stealth parasitic virus. It hooks INT 9 and 21h, and writes itself to the end of COM, EXE and SYS files that are accessed. Depending on the system conditions, the virus either hooks INT 21h by a standard method, or traces it and patches it with INT xxh code, where "xx" is randomly selected from the list of unused interrupts.
To detect an already infected file, the virus uses a file date stamp: the current year plus 100. When infected files are read or file-search functions are called, the virus runs its stealth routines; when infected files are written to, the virus disinfects them. The virus checks the names of executed files against the following list:
PKZIP,RAR,ARJ,LHA,ARC,DEFRAG,SPEEDISK,CHKDSK,BACKUP,MSBACKUP,SCANDISK,NDD

If any of these programs is executed, the virus disables its stealth functions. If WIN.COM is executed, the virus adds the "/d:c" parameter to the command line. The virus does not infect files whose names begin with the strings:
FI,SC,VS,TB,DR,AV,F-,FP,AD,CO

On Mondays, if a file is executed at 5 minutes past any hour, the virus calls the Novell NetWare function SEND BROADCAST MESSAGE, and sends the message to the Net:
External System Error #05. Connection refused.

On Monday at 17:xx, the virus calls the SYSTEM LOGOUT Novell function.
The virus's INT 9 (keyboard) handler checks keyboard scancodes. If the text 'KSENIA' is entered, the virus displays the following text and halts the computer:
123 4 5 Deadman

On May 5th, when the current disk number is changed, the virus erases data on the current disk.
In addition to the strings listed above, the virus contains the texts:
[KSENIA]
Version 0.99 alpha
Copyright (C) 01/02/99 10:29:34 by Deadman
The Global Project devoted to Ksenia Chizhova
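
The infection marker described above (a file date stamp of the current year plus 100) can be checked for directly in FAT directory entries. The following is an added example, not part of the original description: it parses raw 32-byte directory entries and flags COM, EXE and SYS files whose last-write year, minus 100, is a year that could have occurred. The sample directory, the `scan_year` parameter and all function names are constructed for illustration; because the virus runs stealth routines on file-search calls, the bytes are assumed to come from a disk image read while the virus is not resident.

```python
import struct

ENTRY_SIZE = 32                      # size of one FAT directory entry
TARGET_EXTS = {"COM", "EXE", "SYS"}  # file types the description lists
MARKER_OFFSET = 100                  # "current year plus 100"


def make_entry(name, ext, year, month, day, size, attr=0x20):
    """Build one constructed 32-byte FAT directory entry (sample data only)."""
    date = ((year - 1980) << 9) | (month << 5) | day
    return struct.pack("<8s3sB10xHHHI", name.ljust(8).encode("ascii"),
                       ext.ljust(3).encode("ascii"), attr, 0, date, 0, size)


def parse_entries(raw):
    """Yield (name, ext, year) for regular files in raw directory bytes."""
    for off in range(0, len(raw) - ENTRY_SIZE + 1, ENTRY_SIZE):
        entry = raw[off:off + ENTRY_SIZE]
        if entry[0] == 0x00:                       # end-of-directory marker
            break
        if entry[0] == 0xE5 or entry[11] & 0x18:   # deleted, label/LFN, subdir
            continue
        name = entry[0:8].decode("ascii", "replace").rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        (date,) = struct.unpack_from("<H", entry, 24)  # last-write date field
        yield name, ext, 1980 + (date >> 9)            # top 7 bits: years since 1980


def suspicious_stamps(raw, scan_year):
    """Return (file, stamped_year, implied_infection_year) for marker-like dates."""
    hits = []
    for name, ext, year in parse_entries(raw):
        implied = year - MARKER_OFFSET
        # Heuristic: the stamp minus 100 must be a year that could have occurred.
        if ext in TARGET_EXTS and 1980 <= implied <= scan_year:
            hits.append((f"{name}.{ext}", year, implied))
    return hits


# Constructed sample directory; names, dates and sizes are made up.
SAMPLE_DIR = b"".join([
    make_entry("COMMAND", "COM", 1994, 5, 31, 54619),
    make_entry("EDIT", "EXE", 2099, 3, 12, 73599),
    make_entry("README", "TXT", 2099, 3, 12, 1200),
    make_entry("HIMEM", "SYS", 2100, 1, 4, 33200),
    make_entry("GAMES", "", 2099, 1, 1, 0, attr=0x10),
]) + bytes(ENTRY_SIZE)

if __name__ == "__main__":
    for hit in suspicious_stamps(SAMPLE_DIR, scan_year=2005):
        print(hit)
```

A matching date is a heuristic, not proof of infection. The FAT date field stores the year in 7 bits (1980 to 2107), so a year-plus-100 stamp can only be represented for years up to 2007.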

KSV Family

Description KSV Family

These are dangerous memory resident parasitic viruses. They hook INT 21h and write themselves to the end of EXE files that are executed. They contain a lot of errors, and infected files often halt the system. The viruses contain/display the text strings:
+--------------------+
¦ KSV Aids ¦
+--------------------+

    Copyright © 2005 Virus-Database.com