Virus Database

Alar.4270

Description Alar.4270

This is a very dangerous memory resident multipartite polymorphic and stealth virus. It writes itself to the end of COM and EXE files and to the MBR of the hard drive. When an infected file is executed, the virus infects the MBR of the hard drive. Then it hooks interrupt vectors (as well as while loading from infected MBR) and stays memory resident. Because of an error the virus corrupts the hard drive that have less than 18 sectors per track while infecting them. The virus infects the files that are executed or closed and disinfects the infected files that are opened.
The virus hooks INT 21h for file infection and stealth, INT 13h for disk stealth and to hook INT 21h while loading from infected disk, INT 17h to change some data that are printed, INT 1Ch for a video effect (the virus "shakes" the screen). While infecting the MBR the viruses temporary hook INT 10h, 16h (video and keyboard) to fool internal BIOS anti-virus protection.
The virus intercept command line commands and when the "stop creeping" text is entered, the virus disable their infection and stealth routines. When the "tell me your version" text is entered, the viruses display:
Alar Abaddon virus. Version 1.2 (peaceful)
Created by Gall.. A..... (C) 05/29/97
When the "do it right now" text is entered, the virus erase the CMOS.
The virus checks the CRC of their INT 21h handlers' code, and if this code is modified (TSR part of the virus is disinfected), the viruses display a message in Russian and halt the computer.
Being executed under minor DOS versions the virus displays the message and returns to DOS:
Invalid parameter missing

Check other viruses! Be aware! Use Antiviral Software

Backdoor.Win32.Agent.nj

Description Backdoor.Win32.Agent.nj
This Trojan program makes it possible for a remote malicious user to control the victim machine. The program itself is a Windows PE EXE file approximately 290KB in size. Installation Once launched, the program copies itself to the Windows system directory asall

Backdoor.Win32.Agobot.aby

Description Backdoor.Win32.Agobot.aby
This Trojan provides a remote malicious user with remote access to the victim machine. The program is managed via IRC. The Trojan itself is a Windows PE EXE file approximately 224KB in size, written in Visual C++. It is packed using ASProtect. Installation When installing, the backdoor copiesall

Home

Viruses from A to Z
0-9 A B Ñ D E F G H I J
K L M N O P Q R S T
U V W X Y Z



Pet Accessories
Skylights
Clean Colon
Tjäna Pengar På Blogg
Forretningsadvokat

    Copyright © 2005 Virus-Database.com
© 2005 Virus-Database.com