Yosha.512
Description Yosha.512
It is a very dangerous stealth virus that infects EXE files and the MBR of the hard drive. When an infected EXE file is executed, the virus infects the MBR and reboots the computer. While loading from infected MBR the virus cuts a block of the system memory by decreasing RamSize word at the address 0000:0413, hooks INT 13h and then writes itself to the beginning of EXE files that are accessed.
While infecting a file the virus saves the original EXE header to the random selected sector on the disk and stores that address in the EXE header. While accessing to an infected EXE file the virus gets the address of the sector that keeps the original EXE header and reads it from the disk to the read/write buffer. This routine realizes the complete stealth algorithm, but the disk sectors at the random selected addresses may be corrupted by the virus.
Check other viruses! Be aware! Use Antiviral Software
Srp Family
Description Srp Family
These are not dangerous nonmemory resident parasitic viruses. They search for .EXE files and write themselves to the end of the file. "Srp.2248" beeps after infection of the next file. While executing and infecting "Srp.2306" displays the messages:
This is SRP !!! (c)Copyright 1993,1994 Y&Y corp. Moscow
Successfully
SRX.2304
Description SRX.2304
It is a very dangerous memory resident parasitic virus. It hooks INT 21h and when files are created or executed, it searches for .COM and .EXE files and writes itself to the end of file. The virus has bugs and corrupts some files while infecting them. While infecting the virus also deletes the anti-virus data files CHKLIST.CPS and CHKLIST.MS.
On December 2nd it erases hard drive sectors, decrypts and displays the message:
25 WAYS TO PREVENT A VIRUS ATTACKall.
No.2 ALWAYS USE CONDOMS !!
No.25 SELL YOUR COMPUTER !
While installing memory resident from an infected EXE file the virus does not return control to the host program, but displays standard DOS error message "Bad command or file name" and returns to DOS. As a result infected EXE files do work only if the virus is already active in the system memory.
The virus contains the ID-string:
SRX
|