Virus Database

Damir.878

Description Damir.878

It's a harmless memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of COM-files that are accessed. On file opening it disinfects it. This virus contains the internal text string:
(C) DAMIR V.áZadar 1994 :))))))

Check other viruses! Be aware! Use Antiviral Software

Backdoor.CyberSpy

Description Backdoor.CyberSpy

Backdoor.CyberSpy is a malicious program which portrays itself as a telnet-server. It informs its creator about the presence of networks via either e-mail or ICQ and contains a component allowing it to make adjustments.
Upon execution of this program the virus copies itself into the Windows system directory and registers itself in the system registry so that it will start each time an infected system is rebooted. Once this is done it sends a notice via e-mail or ICQ (according to settings made by its author), and then begins to listen to a given TCP/IP port clandestinely. Having received the message sent back by the virus (information about specific networks sent back by the virus via ICQ or e-mail), the hacker controlling Backdoor.CyberSpy, with the help of any telnet-client, gains access to a victim computer's command line (prompt).

Backdoor.Death.18

Description Backdoor.Death.18

Backdoor Death is a Trojan horse family. These Trojan programs allow remote, anonymous access to victim computers and permit hackers to steal user passwords. Backdoor Death has three components: server, client and a utility used to set up server components.
Set-up Utility
This utility lets the hacker(s) controlling the backdoor Trojan to configure the server according to their requirements - for example they can: change the file server name, register in the system, make server icons, send email with stolen passwords, alter firewall settings (if victim computers have one installed), and more.
Server Component
Upon sever boot the backdoor code is copied to the system directory according the settings determined by the set-up utility. The server registers itself either in the system registry or in the file system.ini or win.ini directories. In this way the server ensures its code is run upon operating system boot or reboot. The server component is able to determine if any other viruses are currently infecting a victim computer. If one is detected Backdoor.Death shuts it down so that it does not get in the way of updating server components. In addition the server program is able to determine any installed firewall on victim machines, and is able to remove from memory firewall processes so that Backdoor.Death's controllers can transfer information over a network undetected.
Additionally, the server component monitors keyboard activity and records all keys pressed in a log file, which can then be analyzed by the virus' controller. The server component can also steal user login and password information and send this information back to Backdoor.Death's contoller(s) via email - according to the settings chosen in the server setup utility. When connecting to the Internet the server component sends a message to the site http://Idteam.org where the hackers controlling Backdoor.Death can register and see which computers are currently accessible.
Client Component
The Client component allows hackers controlling Backdoor.Death code to connect to the server component and perform an array of actions such as:
- viewing password information cached in the system
- viewing the list of open windows
- manipulating system files (copy, alter, delete and catalog)
- taking screen shots of the desktop
- manipulating the registry
- sending messages to victims or summoning victims for "chatting"

Home