Virus Database

Daemaen.2041.a

Description Daemaen.2041.a

This is a memory resident encrypted multipartite virus. It writes itself at the end of COM, EXE and SYS files, the files SC*.*, CL*.*. VS*.*, F-*.* are not infected. On execution of infected program this virus tries to infect MBR sector of hard drive, it saves the original MBR sector and its body at the 9/10/11/12 physical sectors of hard drive and then writes new infected MBR. This virus hooks INT 13h and infects boot sectors of floppy disks also, the original boot sector and the virus body are stored at the last sectors of floppy. The virus hooks INT 21h also, it hits the files on accessing to them. This virus looks like a harmless ones but during one of experiments one of the samples erased the FAT of test computer. It contains the internal text strings:
[DäeMåên] by TäLöN-{{NûK_}
Hugs to Sara Gordon
Hey John! If this is bad, wait for [VCL20]!
For Dudley
[VCL20ß]/TäLöN_ï
COMEXEBINOVLSYS

Check other viruses! Be aware! Use Antiviral Software

Macro.Word.Beeper.a

Description Macro.Word.Beeper.a

These are encrypted Word macro viruses. They contain six original macros in NORMAL.DOT and infected documents:
"Beeper.a": AutoExec, AutoClose, AutoOpen, AutoNew , TheTime , Kill
"Beeper.b": AutoOpen, TFGAMV, AutoExec, AutoNew, AutoClose, Joke

While infecting global macros area (NORMAL.DOT) "Beeper.b" also creates two addition macros with random selected names. These macros contain copies of the TFGAMV and Joke macros.
The viruses infect the global macros area while infecting an opening document. They write themselves to documents while opening existing or creating a new document (AutoOpen, AutoNew).
Beeper.a
It maximizes Word windows and inserts into the current document the text:
You are infected with
The Time
A virus from Cool Zero

The virus does not executes the Kill and TheTime macros, i.e. they may be activated only by user's request (by File/Templates or Tools/Macro menus). When activated, the TheTime macro checks the system time and at 15:59 beeps and displays the MessageBoxes:
Hi I'm the Time virus
I don't like Your COMMAND.COM and AUTOEXEC.BAT
Play with me !! :-)
You have 1 Minute time to find me
Find me, I do nothing
Find me not
SAY BYE TO YOUR COMMAND.COM AND AUTOEXEC.BAT

The Kill macro at 16:00 deletes the files C:COMMAND.COM and C:AUTOEXEC.BAT.
Beeper.b
This virus prints documents on opening them (AutoOpen). At 17:00 it tries (but fails) to create and execute the SMILEY.COM file. This file contains an "intended" DOS virus.

Macro.Word.Bertik

Description Macro.Word.Bertik

This is an encrypted macro virus. It contains four macros that have different names in infected documents and NORMAL.DOT:
Documents NORMAL.DOT
AutoOpen YYYAO
XXXAO AutoOpen
XXXFSA FileSaveAs
XXXFS FileSave
PayLoad PayLoad

The virus infects the system on opening an infected document (AutoOpen) and writes itself to other documents on opening and saving (AutoOpen, FileSave, FileSaveAs).
On each infection the virus copies the WINWORD.HLP file to TEMPLATES .WRD file, where 'n' in number of infection. In case of error the virus displays one of MessageBoxes:
DúleOitè upozornini
!!! Tohle zpùsobil virus Bertik.1 !!!
!!! Made by virus Bertik.1 !!!

Home