DAME-based Viruses
Description DAME-based Viruses
DAME (Dark Angel's Multiple Encryptor) is a polymorphic generator, like the MtE and TPE generators. It creates the decryption routine and encrypts the virus body; the virus then writes this code to the file on infection.

DAME.Lame.2326
It is a harmless, non-memory-resident parasitic virus. It searches for .COM files and writes itself to the end of them. It contains the internal string:
This is a lame virus slapped together by DA/PS To demonstrate DAME 0.91

DAME.Trigger
It is a harmless (?) memory-resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. On installation it searches for some TSR program and calls it. This virus contains the internal text string:
Trigger by Dark Angel of Phalcon/Skism Utilising Dark Angel's Multiple Encryptor (DAME)
Macro.Word.Onyx.a
Description Macro.Word.Onyx.a
This encrypted virus is specific to the German version of Word. It contains one macro, which has a different name in different infected documents: DateiSpeichern, DateiÖffnen, or DateiSchließen. As a result, the virus replicates on saving, opening, or closing documents. While infecting a document, the virus changes its macro name to a new one and stores it in the system registry under HKEY_USERS\.Default\Software\Onyx. On October 27 the virus halts Pentium computers. The virus contains the comment:
(08.03.1998) / Loving thoughts to T.E.S.S.A! This was done by Onyx / Germany 1998
Macro.Word.Ordo
Description Macro.Word.Ordo
This is a Word macro virus that contains two macros: AutoOpen and ORDO. It replicates itself on closing a document. The virus does not install itself into the global macros area; to infect other documents, it opens the recently used file list and infects the documents listed there. On July 2nd the virus registers the screen saver SYSTEMMARQUEE.SCR in the system, but does not create this file.