Worm.P2P.SpyBot.a
Description Worm.P2P.SpyBot.a
SpyBot is a peer-to-peer worm with backdoor capabilities that can also spread via computers infected with some Backdoor programs. The worm is a Windows PE EXE file written in Visual C++.

Installation
While installing itself, the worm copies itself to the Windows system directory and sets the Hidden attribute on its copy. This file is then registered in the system registry under the following auto-run keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
On Windows 9x machines the worm hides itself from the task list. SpyBot also tries to kill some firewalls and anti-virus programs.

Spreading
During the installation process, SpyBot copies itself to the kazaabackupfiles subdirectory in the Windows system directory and registers it as a subdirectory for Kazaa shared files. Additionally, upon request by the worm's master (controller), the worm searches the Internet for hosts infected with the malicious programs Backdoor.Kuang and Backdoor.SubSeven and uploads itself to these hosts.

Backdoor
The backdoor routine allows a remote master (the person or people controlling the worm's backdoor functions) to perform the following actions: get detailed computer information, including the names of the running processes; steal cached passwords in Windows 9x; download a file from a Web site; delete, rename, or execute a file; perform a DoS attack on a remote computer; scan ports and IP addresses.

Other
The SpyBot worm can run a hidden HTTP server on infected machines. It also installs a keyboard spy (code that records all keystrokes a user makes on an infected machine) and, upon its master's request, sends the log file of all keyboard actions to the master.
Hymn.2144
Description Hymn.2144
This is a very dangerous encrypted memory-resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed, closed, renamed, or have their file attributes changed. When the day and the month correspond in number (January 1st, February 2nd, and so on), the virus destroys part of the system information in the boot sector of the C: disk, then plays the former USSR national anthem, and decrypts and displays a picture. When corrupting the boot sector, the virus sets to zero the bytes that contain the number of bytes in a sector, the number of sectors in a cluster, the number of FAT copies, etc. - a total of 9 bytes. If the boot sector of a computer running MS-DOS is changed in this way, the computer cannot be booted from either the hard disk or the floppy drive. To restore the information, it is necessary to use special utilities.
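A check for the boot sector damage described above, as an added example that is not part of the original description: it parses the leading BIOS Parameter Block fields of a 512-byte boot sector image and reports values that are zeroed or impossible. The standard FAT12/16 BPB layout starting at offset 0x0B, and the placement of the 9 cleared bytes there, are assumptions (the description gives no offsets); the sample sector is constructed.

```python
import struct

# Leading BIOS Parameter Block fields of a FAT12/16 boot sector:
# (name, offset, struct format). Offsets are the standard DOS layout (assumed).
BPB_FIELDS = [
    ("bytes_per_sector",    0x0B, "<H"),
    ("sectors_per_cluster", 0x0D, "<B"),
    ("reserved_sectors",    0x0E, "<H"),
    ("num_fats",            0x10, "<B"),
    ("root_entries",        0x11, "<H"),
]

def parse_bpb(sector: bytes) -> dict:
    if len(sector) < 512:
        raise ValueError("boot sector image must be at least 512 bytes")
    return {name: struct.unpack_from(fmt, sector, off)[0]
            for name, off, fmt in BPB_FIELDS}

def damaged_fields(sector: bytes) -> list:
    """Names of BPB fields holding values no FAT12/16 volume can have."""
    bpb = parse_bpb(sector)
    bad = []
    if bpb["bytes_per_sector"] not in (512, 1024, 2048, 4096):
        bad.append("bytes_per_sector")
    spc = bpb["sectors_per_cluster"]
    if spc == 0 or spc & (spc - 1):          # must be a non-zero power of two
        bad.append("sectors_per_cluster")
    for name in ("reserved_sectors", "num_fats", "root_entries"):
        if bpb[name] == 0:
            bad.append(name)
    return bad

def looks_zeroed(sector: bytes, start: int = 0x0B, length: int = 9) -> bool:
    """True if the assumed 9-byte span is entirely zero."""
    return sector[start:start + length] == bytes(length)

def make_sample_sector() -> bytes:
    """Constructed, plausible FAT16 boot sector (not taken from a real disk)."""
    s = bytearray(512)
    s[0:3] = b"\xEB\x3C\x90"                 # jump over the BPB
    s[3:11] = b"MSDOS5.0"                    # OEM name
    # bytes/sector, sectors/cluster, reserved, FATs, root entries, total16
    struct.pack_into("<HBHBHH", s, 0x0B, 512, 4, 1, 2, 512, 0)
    s[510:512] = b"\x55\xAA"                 # boot signature
    return bytes(s)
```

Run `damaged_fields()` on a sector image read from a forensic copy of the disk rather than on the live volume.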
Hypnotiser.1784
Description Hypnotiser.1784
This is a memory-resident encrypted parasitic virus that is not dangerous. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. When the anti-virus programs AVP, WEB, or DRWEB are executed, or when Windows is started, the virus removes itself from memory. The virus also does not infect the files AIDS*, ADIN*, ANTI*, etc., according to the string (four bytes per name): AIDSADINANTIMSAVCOMMNAV.
The virus deletes the anti-virus database CHKLIST.MS. On the 10th of any month, depending on the system timer, the virus manifests itself with a video effect. The virus also contains the text: HYPNOTiSER. By bQNVvLA&|^JM :6'