Budo.890
Description Budo.890
These are memory resident dangerous overwriting viruses. On execution they type one of the messages:
"Budo.890": Run time error
Bad command or file name
"Budo.1000": Incorrect DOS version
Then "Budo.890" hooks INT 8 (timer) and INT 9 (keyboard). It waits several minutes and then searches for the .COM- and .EXE-file of the current directory and overwrites them.
"Budo.1000" hooks INT 21h and on execution of any file it searches and overwrites .COM- and .EXE-files of current directory.
These viruses contain the internal text strings "*.COM *.EXE" and:
"Budo.890": BUDO V1.2 TH-HV FINLAND
FLOW LIKE A RIVER - STRIKE LIKE A THUNDER
"Budo.1000": BUDO V1.0 April/92.
T-H & HV Finland.
Flow like a river - strike like a thunder.
Check other viruses! Be aware! Use Antiviral Software
Lurid Family
Description Lurid Family
These are not dangerous nonmemory resident encrypted parasitic viruses. They write themselves to the end of .COM files. Being executed they infect the C:COMMAND.COM file and then search and infect .COM files of the current directory. Depending on the system date and time they create READTHIS.1ST file and write to it Nazi messages and the strings:
ThIS iS tHE VeRB oF "TNk²ViRaL AvEnGEr"
A CopYRiGHtEd ViRuS!!! (C) 1993,94 bY [nUKe'eM aLL StORm]
LV.477
Description LV.477
This is a dangerous memory resident parasitic virus. It copies itself into the system memory at the address 99C2:xxxx, and does not fix MCB list, that might halt PC. Then the virus hooks INT 8, 21h and stays memory resident.
The virus infects only COMMAND.COM files when an infected files is executed, and from its TSR-copy when the files are opened. While infecting, the virus uses "Lehigh" method, and the length of the file does not grow.
Under infected system conditions the system speaker plays beeps (INT 10h, ax=0E07h).
|