Virus Database

Cherry.2266

Description Cherry.2266

It is a dangerous memory resident encrypted parasitic virus. Being executed it cuts the block of system memory, copies itself to there, hooks INT 8 (timer) and returns the control to the host program. Some time after the virus hooks INT 21h and starts to infect the files that are opened or are accessed by FindFirst DOS function (that function is also called while executing a file). The virus writes itself to the end of .COM and .EXE files. The virus has a bug and in some cases halts the system.
Depending on its counter the virus manifests itself by some video effect (that code is corrupted in my sample of the virus), displays the messages:
Enter your name :all.
_____ ____________ _--STEALTH MUTANT-- Best< >
_¦ _________+__+____¦Arkhangelsk'95
_____+______¦__¦ __++ÇâÆô/¥ÅÅ/IV
---+-+-+--+-+ -+ -+ Hi

[Note: contains high ASCII chars that cannot be properly displayed with HTML]

Check other viruses! Be aware! Use Antiviral Software

DiskFiller

Description DiskFiller

This is a very dangerous stealth virus that hits Boot-sectors of floppy disks and the MBR of hard disks during access. This virus formats an additional track on the floppy disk (the 40th on 360K size and 80th on 1.2M) and then puts its code there. After that, the virus mounts its head part into the boot sector of the floppy, its original contents is practically unchanged. On a hard disk infection, the virus places its body just after the MBR. Inside the MBR, it changes the active boot sector address only and sets this address to the sector containing the beginning of the virus code.
When COMMAND.COM is started, the virus moves itself into the low address memory area. According to the system time it encrypts and displays the message: Haha,vírus van a gépben!! Ez egy eddig még nem közismert vírus. De hamarosan az lesz. A neve egyszerüen töltögetö Ezt a nevét onnan kapta, hogy feltöltögeti a FAT-táblát kölönbözö alakzatokkal. Ez már meg is történt !!!

and then "draws" in the FAT sectors the following picture:
****** ******
* ** *
* * * ** * * *
* ** *
* **** ** **** *
* * * *
**** ****

The virus also contains the string "command.com", hooks INT 13h,1Ch,21h.

Disnomia.1516

Description Disnomia.1516

It is not a dangerous memory resident encrypted parasitic virus. It traces and hooks INT 21h, then it writes itself to the end of EXE files that are executed or opened. On May 19th at 12:00 the virus decrypts and displays the message:
!!! Virus DisnomiA !!!
code: 42805770-2e872
!!! Happy Bitrhday !!!
!!! 2 ME !!!

Home