Virus Database

DarkElf family

Description DarkElf family

These are harmless memory resident encrypted parasitic viruses, "DarkElf.3691" is a polymorphic virus. They hook INT 21h and write themselves to the end of COM and EXE files that are executed or opened. The viruses do not infect the files: AIDS*.EXE, DRWEB*.EXE, WEB*.EXE, SCAN*.EXE, -*.*, AVP*.*, AVSP*.EXE, TB*.EXE, COMMAND.COM, IBM*.*, WIN*.COM
The viruses use several levels of encryption as well as several anti-debugging tricks. They contain the text strings in Russian and:
"DarkElf.2200":
[Dark Elf] version 2.1 CopyLeft (cl) MSTUdent
18/08/96 03:50:30
AIDS????EXEDRWEB???EXEWEB?????EXESCAN????EXE-??????????AVP????????
AVSP????EXETB??????EXECOMMAND?COMIBM????????WIN?????COM

"DarkElf.3691":
[Dark Elf] version 3.0 CopyLeft (cl) MSTUdent
13/11/96 18:04:13
AIDS????EXEDRWEB???EXEWEB?????EXESCAN????EXE-??????????AVP????????
AVSP????EXETB??????EXECOMMAND?COMIBM????????WIN?????COM
[DEME] Dark Elf Mutation Engine v1.0 CopyLeft (cl) MSTUdent
13/11/96 18:04:13

Check other viruses! Be aware! Use Antiviral Software

MGTU.273

Description MGTU.273

This is a dangerous very primitive nonmemory resident parasitic virus. It searches for all .COM files in the current directory, using FCB from PSP, then it writes itself to the end of the file. The virus does not manifests itself in any way. It contains the text in Russian - "This program is written in MGTU by a student of group IU4" (MGTU - Moscow college).

MGUL.1953

Description MGUL.1953

This is a dangerous memory resident parasitic stealth virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are accessed.
It also hooks INT 1, 3, 8. On June 11th and November 30th, it erases the hard drive MBR. It reboots the computer if the virus is under a debugger. It contains the following string:
MGUL. v2.5

Home