DDoS.Win32.Boxed.a
Description DDoS.Win32.Boxed.a
This is a DDoS (Distributed Denial of Service) Trojan. It conducts a SYN Flood attack on a number of servers in the bootcom.com doman. It works under Windows NT.
When launched, it creates a service named Secure transactions provider, which covertly starts each time the system boots up.
The service launches five threads, each of which sends TCP packets to one of the servers under attack at high frequency, with SYN flags set. This will cause the network to slow noticeably.
Check other viruses! Be aware! Use Antiviral Software
Salamanca.1205
Description Salamanca.1205
It is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the beginning of COM files that are executed. The virus has bugs and often halts the computer. Depending on the system time and its flags the virus creates the VIRUS file in root directory on the current drive and writes the text SALAMANCA to there. The virus then reads and modifies in some way the root directory of the C: drive.
Salieri.1745
Description Salieri.1745
It is a very dangerous memory resident parasitic virus. It hooks INT 17h, 21h and writes itself to the end of .COM and EXE files that are accessed. The virus separates the files for the programs and the data files by the file name extension (.COM) and MZ stamp at the beginning of EXE files. While infecting a file the virus checks the file name and does not infect the files:
SCAN.EXE CLEAN.EXE RAWCOPY.EXE TNTVIRUS.EXE MSAV.EXE VSHIELD.EXE
DETECTOR.EXE
Depending on the system timer and the data that are printed the virus exchanges the symbols according to the string:
AUEIOUVBvbCKckGJgjMNmnYIiyZSzsXSxsáaéeíióoúu1736942508,.;:+-*/?¿/ºª
The odd symbols are replaces with the next ones, the even symbols are replaced with the previous ones ('A' <-> 'U', 'E' <-> 'I', e.t.c.).
Depending on the system timer the virus also hooks INT 13h and disables writing to the disk (except the period when the virus is infecting a file). That may corrupt the data and halt the computer.
The virus also contains the text string:
Programado en Sevilla por Salieri
|