Virus Database


Burger.560.h

Description Burger.560.h

This is a dangerous, non-memory resident parasitic overwriting virus. It writes itself to the beginning of COM files of the current drive.
It can erase the sectors of disks with random numbers. Some of the viruses contain the string: "Function not supported by network'Required system component n".
It contains the internal text "RB2 - LiquidCode ".


Macro.Excel.Neg

Description Macro.Excel.Neg

This virus infects Excel sheets. It contains six functions in one module Dollar: Auto_Open, Fuck, Auto_Close, cek_global, infectglobal, and inFuckIt.
While loading an infected document, Excel executes the auto macro auto_open, and the virus takes control. The virus auto_open macro contains a command that defines the Fuck macro as a handler of the OnSheetActivate routine. As a result, the virus hooks the sheet activate routine, and while opening a sheet, the virus takes control.
When the auto_open macro takes control, it searches for DOLLAR.XLM files in the Excel Startup directory. If the infected macro is an active Workbook and the DOLLAR.XLM file does not exist in the Excel Startup directory when the virus is executed for the first time, the virus creates this file and saves its code to it by using the SaveAs command. When Excel loads its modules the next time it automatically loads all XLS files from the Startup directory. The infected DOLLAR.XLM is loaded along with other files, and the virus takes control and hooks the sheet activation routine. Upon activation of a sheet, the virus copies its code to the active Workbook and as a result, spreads its code to this sheet.
The virus deletes 25 menu items related to macro viewing, editing, etc., if they exist. On the 13th of any month, it appends to the C:\AUTOEXEC.BAT file commands that erase Windows files:
@ECHO OFF
CLS
cd\windows
del *.com >nul
del *.vxd >nul
del *.drv >nul
del *.dll >nul

The virus contains the comments:
------------------------------------------------
Generated with NEG !!. Please include this text
------------------------------------------------
NEG is Trademark of NoMercy
Date generated : 27- 3- 1998
VirusName: Dollar
Author: NEG
Module Name: Dollar
Template: DOLLAR.XLM

Macro.Excel.Ninja

Description Macro.Excel.Ninja

This virus infects Excel spreadsheets (XLS files). It contains one module, "Ninja," that has two functions: "auto_open" and "Infect_Ninja".
The virus "auto_open" macro contains just one command that defines the "Infect_Ninja" macro as a handler of the OnSheetActivate routine. As a result, the virus hooks sheets activation, and, while opening a sheet, the virus (the Infect_Ninja macro) takes control.
When the Infect_Ninja macro takes control, it searches for NINJA.XLS files in the Excel Startup directory and checks the count of modules in the current Workbook.
If the infected macro is an active Workbook and the NINJA.XLS file does not exist in the Excel Startup directory, the virus decides that it is being executed for the first time. The virus then creates the NINJA.XLS file in the Excel Startup directory and saves its code to it by using the "Save As" command.
When Excel loads its modules the next time, it automatically loads all XLS files from the Startup directory. The infected NINJA.XLS is loaded as well as other files, and the virus takes control and hooks the sheet activation routine.
If the NINJA.XLS file exists in the Excel directory, the virus copies its code to the active Workbook. As a result, the active Workbook is infected.
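
A check for the traces the Macro.Excel.Neg and Macro.Excel.Ninja descriptions above name, written as an added example and not taken from the original page or from any antivirus product. It assumes the Excel Startup directory is a folder named XLSTART; the function names and the sample AUTOEXEC.BAT are constructed for illustration.

```python
import os
import re

# File names the descriptions say are saved to the Excel Startup directory.
DROPPER_NAMES = {"dollar.xlm": "Macro.Excel.Neg", "ninja.xls": "Macro.Excel.Ninja"}
# Extensions deleted by the commands Neg appends to AUTOEXEC.BAT.
PAYLOAD_EXTS = {"com", "vxd", "drv", "dll"}
DEL_RE = re.compile(r"^\s*@?del\s+\*\.(\w+)\b", re.IGNORECASE)
CD_RE = re.compile(r"^\s*@?cd\s*\\?\s*windows\s*$", re.IGNORECASE)

# Constructed sample: an ordinary AUTOEXEC.BAT with the listed commands appended.
SAMPLE_AUTOEXEC = r"""@ECHO OFF
PATH C:\DOS
@ECHO OFF
CLS
cd\windows
del *.com >nul
del *.vxd >nul
del *.drv >nul
del *.dll >nul
"""

def find_startup_droppers(root, startup_dir_name="XLSTART"):
    """Return sorted (path, family) pairs for dropper names in startup folders under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        # Assumption: the startup folder is identified by its name alone.
        if os.path.basename(dirpath).lower() != startup_dir_name.lower():
            continue
        for name in files:
            family = DROPPER_NAMES.get(name.lower())
            if family:
                hits.append((os.path.join(dirpath, name), family))
    return sorted(hits)

def autoexec_payload_lines(text):
    """Return 1-based line numbers of the wildcard deletes that follow a cd into windows."""
    in_windows, found = False, {}
    for number, line in enumerate(text.splitlines(), 1):
        if CD_RE.match(line):
            in_windows = True
        match = DEL_RE.match(line)
        if in_windows and match and match.group(1).lower() in PAYLOAD_EXTS:
            found[match.group(1).lower()] = number
    # Report only the full set of four, so a lone "del *.com" is not flagged.
    return sorted(found.values()) if set(found) == PAYLOAD_EXTS else []

if __name__ == "__main__":
    print("AUTOEXEC.BAT payload lines:", autoexec_payload_lines(SAMPLE_AUTOEXEC))
    print("Startup droppers:", find_startup_droppers("."))
```

A file-name match is only a lead for a proper scan of the workbook's macros, since a clean file can carry the same name.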

    Copyright © 2005 Virus-Database.com