Virus Database

Zhitomir.1654

Description Zhitomir.1654

This is a relatively harmless memory resident parasitic virus. It hooks INT 21h and 28h searcher files, and writes itself to the end of EXE files that are changed in a directory. The virus doesn't infect files with the following chars:
ADIN, DINF, DRWE, AIDS, ANTI, WEB
It also contains the following text strings:
Programmed in Zhitomir Politechnical Institute
FICT is the best! (AU - /// ,virmaker)

Check other viruses! Be aware! Use Antiviral Software

Backdoor.Agobot.gen

Description Backdoor.Agobot.gen
This is a classical backdoor and allows a 'master' to control the victim machine remotely by sending commands via IRC channels.
Installation
Agobot copies itself into the Windows directory under random names and then registers itself in the system registry auto-run keys:
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices]
Manifestations
Agobot connects to various IRC servers opening channels identified in the body of the worm. It is then ready to receive commands from the 'master', who can now download and launch files on the victim machine, scan other computers for vulnerabilities and install itself on these vulnerable machines.

Backdoor.Antilam.gen

Description Backdoor.Antilam.gen

Antilam is a family of remote administration trojan programs. The backdoor code allows remote users to control victim computers over a local network or the Internet. Most of the features are configured by the hacker(s) exploiting Antilam by using a special server editor program. There is also a special client program that provides a user-friendly graphical interface for connecting to the trojan program and for sending remote administration commands. The main trojan application is written in Delphi and compressed with the UPX compression utility. Antilam's size varies depending on the specific version.
Usually, the trojan copies itself to the root directory or to one of the Windows directory subdirectories, where it proceeds to establish the ability to be executed automatically when Windows is started.
The remote administration commands allow Antilam to perform the following actions on victim computers:
- shut down or remove the trojan program
- gather system and owner information
- load and eject CD-ROM contents
- "mess" with the Windows Desktop contents
- turn off or speed up the mouse movement
- show user-defined messages
- manage open windows
- restart or shut down the computer
- change the system date
- turn off the keyboard - manage files on victim computer disks
- gain full access to the system registry
- change screen resolution
- save any information that is typed by the victim
- print user-defined texts
- change Windows color schemes
- manage dial-up connections
- manage the remote clipboard
- chat with other hackers that are connected to the victim computer

Home