Virus Database

Yoyo.1271

Description Yoyo.1271

It is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are accessed. On accessing to the files with name extension: TXT, DOC, 1ST, ME?, the virus appends to the end of file 50 data bytes.
From 3rd till 8th of January the virus calls trojan subroutine. It writes trojan code to the MBR sector of hard drive and "hang up" the computer. The trojan code in MBR sector on next reboot erases the CMOS memory, decrypts and displays the message:
I and the public know
What schoolchildern learn
Those to whom evil is done
Do evil in return

Check other viruses! Be aware! Use Antiviral Software

PMBS

Description PMBS

It's a dangerous memory resident boot virus. On loading from infected disk it copies itself into extended memory, switches the PC into protect mode and run virtual V86 machine. The DOS and applications will be executed under that virtual PC. It hooks all interrupts (from 0 till FFh) and checks the critical situation. On critical situation on reading the floppy it infects it (the MBR of hard drive is infected on loading from infected floppy). On other critical situation it displays one of the messages and hangs the computer up:
Unimplemented Interrupt:
Offending instructions:
General Protection Fault:
Offending instructions:
Offending CS:IP:

This virus contains the internal string "PMBSVIRS" also. PMBS is a stealth virus. It checks the ports input/output (by using protect mode 386 features) and corrects the data which is for output on reading infected MBR.
This virus contains several errors, including the error of principle. The programmer's bug is the infection of the floppy. The virus saves on floppy the part of itself only, not all code. The virus consist of two parts of code - the code which is executed in real mode (on loading and on infection then the virus jumps to V86 mode), and the code of protected mode. The virus doesn't save the code which is executed in protected mode. The second generation of the virus will hang up.
The problem of principle is using of infected i386 as i86 only. The virus can't let switch i386 in protected mode again. So, EMS386, QEMM386, MS-WINDOWS e.t.c. will not work. Moreover, the DOS command MEM will hang up infected PC. It's because this program checks extended memory also, and the virus stops it.

PME.Burglar.3260

Description PME.Burglar.3260

It is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the beginning of COM (except COMMAND.COM) and to the end of EXE files that are accessed as well as on FindFirst/Next calls (DIR command). Depending on the system date it displays the message and halts the computer:
Hello! This is [Super Virus-2] all written by Burglar in Taipei, Taiwan

Home