Virus Database

Zortech.836

Description Zortech.836

It's a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the beginning of COM- and EXE-files that are executed. Depending on the system time it reboots the computer. It contains the internal text string:
Zortech (C). Take Care of SoftWare all

Check other viruses! Be aware! Use Antiviral Software

Macro.Word97.Cyberhack

Description Macro.Word97.Cyberhack

This virus contains 25 macros in module "CyberHack": coba, CyInit, CyClose, Dok2Nor, Nor2Dok, Cyber, Tahan, Simpan, AutoOpen, FileClose, FileOpen, FileSaveAs, FileSave, HelpAbout, FileExit, ToolsOptions, FileNew, FileTemplates, ToolsMacro, ToolsCustomize, ToolsCustomizeKeyboard, ViewVBCode, Organizer.
The virus replicates on executing any auto macro, i.e. on opening documents, closing, saving etc.
The virus erases the menu item Tools/Macro. It also disables macros-viewing hot keys. On Friday on entering the menu item Help/About or on closing Word application the virus displays a form containing an image of virus' authors and their names.

The virus also contains the comments:
Macros By WinK'S Hacker
Picture By Casper Satan
Lebih baik mencoba dari pada tidak tahu sama sekali all
Mohon ma'af bila telah mengganggu Anda.
Microsoft memang gila ! Nambahin fasilitas pemrogramannya
keterlaluan untuk suatu word prosesor.
jangan harap kau datang lagi padaku

Macro.Word97.DasWoo

Description Macro.Word97.DasWoo

This a stealth and polymorphic macro virus. It contains two modules ThisDocument and VC. The first module contains auto-function that is named AutoOpen in infected documents and AutoClose in infected NORMAL.DOT.
So the virus infects other documents on closing and affects the system on opening an infected document.
While infecting the auto-function calls the UserForm_Click function that is placed in the second virus module VC. The infection is performed by export/import virus modules to the temporary C:ONE.SYS and C:TWO.SYS files. The virus then modifies its code, so it is different in NORMAL.DOT and infected documents. For instance, the virus inserts into NORMAL.DOT two more functions to support its stealth ability: ViewVBCode and ToolsMacro. The virus also inserts into the document comments that contains the name of user, current time and path to active printer.
On July 28 the virus displays a window with the text:

Home