YB Family
Description YB Family
These are harmless nonmemory resident parasitic viruses, "YB.2328,2330" are polymorphic viruses with TPE polymorphic generator. They search for COM files and write themselves to the end of the file. Some of them scan the area of DOS code for original INT 21h handler before infecting the files. "YB.402" displays the random data and halts the computer. "YB.405" creates empty directories and displays the message.
These viruses contain the text string:
"YB.299,300": INSERT YOUR NAME HERE *.?OM
"YB.316": Silent Runner by Nostradamus [NuKE'94]
"YB.402,405": DOS Abraxas 13 00000001. OUCH!
"YB.425,426,466": YB-1 & Handsome Dick Manitoba / Köhntark*.COM
"YB.647,2277": YB-2 / Köhntark*.COM
"YB.2328,2330": YB-1 / Köhntark*.COM
"YB.Funkware.235": AV Funkware Evaluation League of [NuKE'94]*.c?m
Check other viruses! Be aware! Use Antiviral Software
Rauser.164.a
Description Rauser.164.a
These are dangerous memory resident encrypted viruses. They hook INT 21h and while executing .COM files overwrite them, and while executing .EXE files create the companion .COM file.
"Rauser.250,253" display:
Maaike I Love You !
RavenSys.1324
Description RavenSys.1324
It is not a dangerous memory resident parasitic virus. It writes itself to the end of SYS files (device drivers). The header of the virus contains the text: "RAVEN00X". The virus hooks INT 21h, intercepts Exec DOS call (4Bh) and on executing any program searches for SYS files and infects them.
When an infected driver is loaded into the memory, the virus hooks INT 21h and stays memory resident. It does it in two different ways depending on the system conditions. In case of first way, the virus leaves its TSR copy at the same addresses as being loaded. Then it waits for DOS system ChangeMemory call (AH=4Ah), allocates new block of memory and copies itself to there. In case of second way the virus writes its code on the first track of the hard drive (not used sectors) and copies its "loader's" (90 bytes) code to Interrupt Vectors Table. Then it, the same as in case of first way, waits for ChangeMemory DOS call, allocates a block of memory, and reads to there its code from the hard drive.
While installing memory resident the virus displays the message:
+-+---·-· · · Raven Sys Infector 1.0 · · ·----+-+
+-+-----------------------------------------------------------------+-+
+-¦-+ Created By Stone Shadow +-:-¦
+-:-+ Copyright (c) 1995 - 96 By COEAC Viral System Development. +-¦-¦
+-+-----------------------------------------------------------------+-+
+-+--- ·· · · Creatures Of Electronic Anti Christ · · ·· ---+-+
|
Home
Viruses from A to Z
0-9
A
B
Ñ
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
|