Virus Database

Datalock.920

Description Datalock.920

This is a memory-resident dangerous virus that infects COM- and EXE-files as they are started. Since August 1990 it blocks opening of .DBF-files. The virus contains the text "DataLock version 1.00" and hooks INT 21h.

Check other viruses! Be aware! Use Antiviral Software

Elvira.459

Description Elvira.459

These are relatively harmless, non-memory resident parasitic viruses. They search for .COM files in the current directory, then write themselves to the end of the file. The viruses replicate themselves only in October and November. In December, they disinfect host files and display the following message:
<-: Tip von Virus ELVIRA 2.1 R: :->
<-: Traue nie Deinem Viren-Scanner! :->

Em.1303

Description Em.1303

These are dangerous non-memory resident encrypted parasitic viruses. While executing an infected EXE file, the virus opens the C:AUTOEXEC.BAT file, reads the file contents, searches for the line which begins with "path" or "PATH" strings, and inserts the line "em" as the next line:
all
PATH= ...
em
...

Then the virus creates a C:EM.COM file, and writes the encrypted virus body (1303 bytes) there, so the virus creates its COM dropper. Then the virus returns control to host EXE file.
While executing the virus dropper EM.COM (when "infected" AUTOEXEC.BAT receives the control), the virus searches for all .EXE files on the C: drive, and writes itself at the files' end.
On the 28th of any month, the virus summons the trigger routine, which scans the disk for all directory objects (files, subdirectories and volume labels) by using the absolute disk read/write functions INT 25h/26h, and replaces the first letter of the objects name with a SPACE character (20h); after such a correction, DOS cannot access these files/subdirectories.
The virus contains the following internal text strings:
path
PATH
em.com c: autoexec.bat c:*.* *.exe

Home