ZhengZhou.3584.a
Description ZhengZhou.3584.a
This is a dangerous memory resident multipartite DOS virus.
ZhengZhou.3584.a hooks INT 13h, 21h and first writes itself to the end of COM and EXE files that are executed, and to the MBR of the hard drive when infected files are executed. It then infects the boot sector of the floppy drive.
ZhenZhou.3584.a may also infect files that are accessed by FindFirst/Next FCB function (DIR command). It may also erase hard drive sectors.
ZhenZhou.3584.a contains the following text strings:
Zheng Zhou, China. 1993
Thank for your helping, Good-bye !
Under a debugger ZhengZhou.3584.a tries to format the hard disk (but fails), and displays the messages:
Do not turn OFF the computer when WOLF is working !
Insert DOS diskette in drive A:
Strike any key when ready all
Check other viruses! Be aware! Use Antiviral Software
Puke.393
Description Puke.393
It is not a dangerous memory resident parasitic virus. It copies itself into the Interrupt Vectors Table, hooks INT 21h and writes itself to the end of COM and EXE files that are executed. It contains the text string:
[PuKE]
Pulce.1840
Description Pulce.1840
It is not a dangerous memory resident encrypted parasitic virus. It hooks INT 21h. When any file is executed, the virus searches for COM and EXE files of the current directory and writes itself to the end of the file. It does not infect the files from the string:
COMMAND.SCAN.CLEAN.F-PROT.KRNL286.KRNL386.QBASIC.VPIC.
Depending on the system time it also hooks INT 8 (timer) an manifests itself with some video and sound effects, displays the strings:
Hey! C'e' una PULCE nella CPU!!!
PULCE! v2.1 24/4/94 by ALall
Ingegneri d'Ancona succhiate il cazzo e fatemi usare il PC!
Adesso e' ora di fare festa!
BERLUSCONI BOIA!
PULCE! Libera di andare dove vuole
|