Virus Database

Worm.Win32.Fleming

Description Worm.Win32.Fleming
Fleming is a malicious program that steals CD-Key information from the "Counter-Strike" and "Half-Life" games. It invites users to download this trojan program using Windows (.NET) Messenger. It also tries to download and install other malicious software from the Internet.
General Information
The worm program is a 32-bit Windows application (EXE file) written in Visual Basic, its size is 53248 bytes.
Fleming doesn't install itself into the victim system, it runs only when it is executed by the victim (for example, by double-clicking its icon in Windows Explorer).
Payload
The worm program tries to download and execute two files located on the Internet at
http://home.no.net/downl0ad/
The files are downloaded and saved to the following locations:
C:update35784.exe
C:hehe2397824.exe
Next, the worm connects to Windows (.NET) Messenger and waits for incoming messages. If it receives proper messages from
styggefolk@hotmail.com
, it sends a response containing "Half-Life" and "Counter-Strike" CD-Key information.
Fleming searches for all Windows (.NET) Messenger contacts, and sends each entry the following message:
Worm.Win32.Fleming's Windows Messenger Message:

Check other viruses! Be aware! Use Antiviral Software

Crepate.1944

Description Crepate.1944

This is dangerous memory resident multipartite encrypted virus. On execution of infected file it infects the current drive: boot sector if the current drive is floppy one, and MBR if it is a hard drive. On loading from infected disk the virus hooks INT 1Ch, waits for DOS loading, hooks INT 21h and writes itself at the end of the COM files that are accessed. Depending on the system timer the viruses erase the disk sectors.
The virus contains the following internal text strings:
Crepa R.T. (c) by MI BRACCOBALDO 1992/93 (CREPA)
Italian Virus Laboratory (PISA) Released 3.0 - REDRUM.
Crepa - R.T.

Crepate.2910

Description Crepate.2910

This is dangerous memory resident multipartite encrypted virus. On execution of infected file it infects the current drive: boot sector if the current drive is floppy one, and MBR if it is a hard drive. On loading from infected disk the virus hooks INT 1Ch, waits for DOS loading, hooks INT 21h and writes itself at the end of the COM files that are accessed. Depending on the system timer the viruses erase the disk sectors.
The virus contains the following internal text strings:
COMcomEXEexeOV?ov?
Crepate (c)1992/93-Italy-(Pisa)
Crepa(c) bye R.T.

Home

Viruses from A to Z
0-9 A B Ñ D E F G H I J
K L M N O P Q R S T
U V W X Y Z

    Copyright © 2005 Virus-Database.com
© 2005 Virus-Database.com