Virus Database

DirII.2048

Description DirII.2048

This is a memory resident dangerous stealth virus. It infects COM and EXE files during read/write operations with the sectors which belongs to the directories, containing information about these files. The virus places its own bodies into the last cluster of the infected logical disk. It marks this cluster as the last in the file cluster chain. When the virus infects the file it replaces only the number of the first cluster of the file. The new number will point to the body of the virus. So the virus don't change the contents and the size of the infected file and besides there will be only one copy of the virus on the disk.
It occupies two disk sectors. It also hooks INT 8 (timer) and plays the tune. This virus do not infect COMMAND.COM file.
During initialization the virus penetrates into the DOS kernel, modifies the address of the system disks driver and hooks all DOS calls to this driver. This virus uses powerful stealth mechanism on the system driver level. That is why the virus is "invisible" during a read of infected files either with INT 21h or INT 25h. This virus uses direct access to DOS resources and overcomes practically all anti-virus "shields".
This virus spreads with great speed. If you try to load a file which can't be found on the disks, DOS will look for it in all PATH directories and the virus will infect all the files in these directories. During the first start this virus will infect all files in the current directory of C: drive.

Check other viruses! Be aware! Use Antiviral Software

Kazanir.768

Description Kazanir.768

It is a harmless memory resident parasitic virus. It hooks INT 21h and while executing any file the virus searches for .COM files, then writes itself to the end of the files that are found. The virus contains the text strings:
Her zaman iyiler K A Z A N I R ! Dogruluktan A Y R I L M A !
*.com
Version:
DenemE
ZEKVIR Virusu (c) 1 9 9 5 ASPARAGUS (tm) INTELLIGENT
i.U iSLETME FAK.EXTERNAL - 3 0 4 AVCILAR/ i S T

KbrBug.895

Description KbrBug.895

These are harmless memory resident encrypted parasitic viruses. They hook INT 1, 3, 1Ch, ACh and write themselves to the end of COM (except COMMAND.COM), EXE and OVL files. The viruses make a patch of original INT 21h handler - they insert interrupt call ACh into original INT 21h code, and set INT ACh vector to the address of the virus body.
These viruses do not infect the files for a few days after infection of the system. Periodically they call the trigger routine that jokes with the keyboard by changing the keyboard buffer address and filling the buffer with a "dust".
"KbrBug.895" is not such complex: it hooks only INT 1Ch, 21h and does not infect EXE files. Sometimes this virus exchanges the digits '0' to '9' on the screen.
"KbrBug.2662" also hooks INT 8, 10h and manifests itself with some video effects.

Home