Virus Database

ZhengZhou.3576.a

Description ZhengZhou.3576.a

This is a dangerous memory resident multipartite DOS virus.
ZhengZhou hooks INT 13h, 21h and first writes itself to the end of COM and EXE files that are executed, and to the MBR of the hard drive when infected files are executed. It then infects the boot sector of the floppy drive. Under a debugger ZhengZhou will also reboot the computer.
ZhenZhou may also infect files that are accessed by FindFirst/Next FCB function (DIR command). It may also erase hard drive sectors.

Check other viruses! Be aware! Use Antiviral Software

BAT.Batalia3

Description BAT.Batalia3

This is the harmless non-memory resident parasitic BAT virus. It searches for BAT files in the current directory, then infectes them. While infecting a file the virus run the ARJ archiver to pack necessary files. If there is no ARJ.EXE file in PATH, the virus fails to replicate itself.
The virus contains two parts of code and data. The first part (the header) contains DOS commands:
@echo off
rem YYY
arj x %0 -g""bÑpß >nul
ren p Int
call i
ren Int a.bat
echo on
@call a
@echo off
del i.bat
del a.bat
del BATalia3
The second part (the rest) is an ARJ archive. This archive contains the I.BAT file that is the main virus code and the additional files:
P, BATALIA3
The BATALIA3 file contains several additional batch commands. The P file contains original code of an infected BAT file.
Thus any infected file contains the text strings (DOS commands) and the binary data (ARJ archive).
When executed, the virus runs the ARJ archiver, extracts the I.BAT and runs it. This batch file then searches for not infected BAT files in the current directory and infects them.
While infecting, the virus saves an original BAT file to ARJ archive (file P) and overwrites it. As a result the length of a file infected by BAT.Batalia3 may be less than before infection.

BAT.Batalia4

Description BAT.Batalia4

This is the harmless non-memory resident parasitic BAT virus. It searches for BAT files in the current directory, then infectes them. While infecting a file the virus run the ARJ archiver to pack necessary files. If there is no ARJ.EXE file in PATH, the virus fails to replicate itself.
The virus contains two parts of code and data. The first part (the header) contains DOS commands:
@echo off
rem BAT4
arj x %0 >nul
call i
del sg
del i.bat
The second part (the rest) is an ARJ archive. This archive contains the I.BAT file that is the main virus code and the additional file named SG. The SG file contains several additional batch commands.
Thus any infected file contains the text strings (DOS commands) and the binary data (ARJ archive).
When executed, the virus runs the ARJ archiver, extracts the I.BAT and runs it. This batch file then searches for not infected BAT files in the current directory and infects them.
While infecting, the BAT.Batalia4 virus appends its code to the end of files and does not modify the original file contents.

Home