Cherry.2266
Description Cherry.2266
It is a dangerous memory resident encrypted parasitic virus. Being executed it cuts the block of system memory, copies itself to there, hooks INT 8 (timer) and returns the control to the host program. Some time after the virus hooks INT 21h and starts to infect the files that are opened or are accessed by FindFirst DOS function (that function is also called while executing a file). The virus writes itself to the end of .COM and .EXE files. The virus has a bug and in some cases halts the system.
Depending on its counter the virus manifests itself by some video effect (that code is corrupted in my sample of the virus), displays the messages:
Enter your name :all.
_____ ____________ _--STEALTH MUTANT-- Best< >
_¦ _________+__+____¦Arkhangelsk'95
_____+______¦__¦ __++ÇâÆô/¥ÅÅ/IV
---+-+-+--+-+ -+ -+ Hi
[Note: contains high ASCII chars that cannot be properly displayed with HTML]
Check other viruses! Be aware! Use Antiviral Software
Sair.1150
Description Sair.1150
It is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. It encrypts the disk sectors, and then displays:
Ben bir garip virusum
Disket disket gezerim
Bugun kismet sendeymis
Yarin belki kimdeyim
Sair virus
It also contains the text:
Fuck Serb Virus (C) 1993 by Turkey Boys!
Salamanca.1205
Description Salamanca.1205
It is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the beginning of COM files that are executed. The virus has bugs and often halts the computer. Depending on the system time and its flags the virus creates the VIRUS file in root directory on the current drive and writes the text SALAMANCA to there. The virus then reads and modifies in some way the root directory of the C: drive.
|