Virus Database

Daemaen.2041.a

Description Daemaen.2041.a

This is a memory resident encrypted multipartite virus. It writes itself at the end of COM, EXE and SYS files, the files SC*.*, CL*.*. VS*.*, F-*.* are not infected. On execution of infected program this virus tries to infect MBR sector of hard drive, it saves the original MBR sector and its body at the 9/10/11/12 physical sectors of hard drive and then writes new infected MBR. This virus hooks INT 13h and infects boot sectors of floppy disks also, the original boot sector and the virus body are stored at the last sectors of floppy. The virus hooks INT 21h also, it hits the files on accessing to them. This virus looks like a harmless ones but during one of experiments one of the samples erased the FAT of test computer. It contains the internal text strings:
[DäeMåên] by TäLöN-{{NûK_}
Hugs to Sara Gordon
Hey John! If this is bad, wait for [VCL20]!
For Dudley
[VCL20ß]/TäLöN_ï
COMEXEBINOVLSYS

Check other viruses! Be aware! Use Antiviral Software

APME.Demo.620

Description APME.Demo.620
APME is an ordinary polymorphic generator such as MtE and TPE. There is only one known virus APME.Demo that is included in APME.ZIP distribution package as APME.COM file. The virus opens APME.COM file, and overwrites it with new virus copy. Then the virus displays:
[_PME] Alpha PolyMorphic Engine by ViKing - Version 1.04b

Apo.2108

Description Apo.2108

It is a very dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the beginning of .COM and end of .EXE files that are executed. While infection of the files the virus renames them to the name X$X$$X$X.$X$, infects and then renames back to original name.
While infecting .EXE files the virus corrects several fields in EXE header: the virus increases the length of EXE header to cover original contents of the file. As a result the original file body is defined as EXE header, and while loading such file info the memory DOS loads only the virus body. Then the virus opens the host file, restores the fields in EXE header, executes host file, and then writes "infected" fields back to EXE header.
The virus also hooks INT 1Ch and some time after installation erases the disk sectors. The virus has the bugs, and in some cases halts the computer. The virus contains the encrypted text string:
ApoVir

Home