Virus Database

Alar.4270

Description Alar.4270

This is a very dangerous memory resident multipartite polymorphic and stealth virus. It writes itself to the end of COM and EXE files and to the MBR of the hard drive. When an infected file is executed, the virus infects the MBR of the hard drive. Then it hooks interrupt vectors (as well as while loading from infected MBR) and stays memory resident. Because of an error the virus corrupts the hard drive that have less than 18 sectors per track while infecting them. The virus infects the files that are executed or closed and disinfects the infected files that are opened.
The virus hooks INT 21h for file infection and stealth, INT 13h for disk stealth and to hook INT 21h while loading from infected disk, INT 17h to change some data that are printed, INT 1Ch for a video effect (the virus "shakes" the screen). While infecting the MBR the viruses temporary hook INT 10h, 16h (video and keyboard) to fool internal BIOS anti-virus protection.
The virus intercept command line commands and when the "stop creeping" text is entered, the virus disable their infection and stealth routines. When the "tell me your version" text is entered, the viruses display:
Alar Abaddon virus. Version 1.2 (peaceful)
Created by Gall.. A..... (C) 05/29/97
When the "do it right now" text is entered, the virus erase the CMOS.
The virus checks the CRC of their INT 21h handlers' code, and if this code is modified (TSR part of the virus is disinfected), the viruses display a message in Russian and halt the computer.
Being executed under minor DOS versions the virus displays the message and returns to DOS:
Invalid parameter missing

Check other viruses! Be aware! Use Antiviral Software

OS2.Jiskefet

Description OS2.Jiskefet

It is a harmless nonmemory resident parasitic virus. It searches for NewEXE (LX) files, reads 2048 (800h) bytes from the file beginning, writes that data to the end of the file, and then writes itself to 2048 bytes of the file header. Then the virus creates a temporary file, copies the host file there, disinfects and executes that file. Then the virus returns control to the system.
While searching and infecting the files, the virus uses OS/2 calls:
DosExit DosChgFilePtr DosClose DosDelete DosFindClose DosFindFirst
DosFindNext DosNewSize DosOpen DosGetEnv DosRead DosWrite DosExecPgm

The virus contains the text strings:
Jiskefet
DOSCALLS
*.EXE
MK

OS2.MyName

Description OS2.MyName

This is a very dangerous, non-memory resident overwriting OS/2 virus. It is the first known virus infecting OS/2 executable files. Upon execution, it obtains the name of the host file, reads its code from there, then searches for NewEXE (LX) files and overwrites them. While infecting a file, the virus uses OS/2 calls:
DosExit DosClose DosFindFirst DosFindNext DosOpen DosGetEnv DosRead
DosWrite

and displays the messages:

My name is
--> infected

The virus also contains the text string:
VIRUS
DOSCALLS
*.EXE

Home