Virus Database

Worm.Win32.Lemoor.a

Description Worm.Win32.Lemoor.a

This worm spreads via the Internet, propagating via a vulnerability in the FTP server of Worm.Win32.Sasser.
Only computers which have already been infected by Sasser are vulnerable to Lemoor.
Lemoor is written in Assembler, and is packed using FSG. The packed file is 1985 bytes in size, and the unpacked file is approximately 20992 bytes in size.
Installation
When lanuching, the worm registers itself in the sytem registry, to ensure that it is run each time the system is launched:
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
[Ephemeral 2.4] by TreeHugger, = <path to file>
Propagation
The worm sends a broadcast quest and waits for responses from machines infected by Sasser.
When it receives an answer from a victim machine, it utilizes a vulnerability in the FTP server installed by Sasser to launch its command shell on a randomly chosen port. It then sends its body to the victim machine and launches it.
Other
The worm is only programmed to propagate: it does not have any other payload.

Check other viruses! Be aware! Use Antiviral Software

Indonga.4010

Description Indonga.4010

This virus also hooks INT 20h and 2Fh and infects COMMAND.COM as well as COM and EXE files that are accessed.
On September 16, February 25, March 21, and August 27, it erases the disk sectors and displays:
PINDONGA Virus V5.6. (Hecho en ARGENTINA)
Programado por Otto (16977)
Saludos a MAQ-MARIANO-SERGIO-ERNESTRO-COSTRA-PABLIN
PD: Alguien mate a Bill Gates (El WINDOWS SE CUELGA)
PINDONGA Virus (Programado por OTTO en ARGENTINA) 16977.
Depending on the system conditions, "Indonga.4010" erases the hard drive sectors and displays:
+-----+
|SARIN|
|VIRUS|
+-----+
|HECHO|
| POR |
|-NOP-|
+-----+

Industrial.1841

Description Industrial.1841

It is not a dangerous nonmemory resident encrypted parasitic virus. It searches for .COM files (except COMMAND.COM) and writes itself to the end of the file. It checks the system environment area for string "PROTECT=ON", and does not infect the file if such string is found. On 20th of every month the virus displays the message:
Warning lights are flashing down at Quality Control
somebody threw a spanner and they threw him in the hole
there's rumors in the loading bay and anger in the town
somebody blew the whistle and the walls came down
there's a meeting in the boardroom they're trying to trace the smell
there's a leaking in the washroom there's a sneak in personnel
somewhere in the corridors someone was heard to sneeze
'goodness me could this be Industrial Disease?'
('Industrial Disease' by Mark Knopfler).
You should have protected your disk better - this could have been a dangerous
virus. You have been lucky this timeall
(As all other programs this virus is protected against copying by federal law.)
Press any key to start your own program:

Home