Virus Database

DSCE.Demo.2941

Description DSCE.Demo.2941

It's harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM- and EXE-files that are executed. It contains the internal text string:
This is a DSCE's Demo Virus written by [P.F]

Check other viruses! Be aware! Use Antiviral Software

IntMaster Family

Description IntMaster Family

These are memory resident parasitic viruses. They hook INT 22h, return control to the host program and wait for termination call (INT 22h). Then they trace INT 21h and patches the DOS INT 21h handler with INT 79h call, hook INT 79h and stay memory resident.
The viruses infect OBJ files that are closed. They parse the OBJ records, create new record in OBJ file, write themselves to that record, then patch the main program's code in OBJ file with CALL_VIRUS instruction.
While linking an infected OBJ file the entry code of result executable file begins with CALL_VIRUS code. When such file is executed, the virus immediately receives the control.
"IntMaster.1340" is a harmless virus. It does not manifest itself in any way. It contains the text string:
(C) IntMaster, Kiev-1995all

"IntMaster.1878" is a very dangerous encrypted virus. It also infects the COM files (except C*.*) that are executed, the virus writes itself to the end of the files. When a W*.* file is executed, the virus depending on the system date erases that file, displays the message and halts the system:
This program wastes a lot of memory,
SYSTEM HALTED...

This virus also contains the string:
(C) Ace of Spades , Kiev-1995... Don't be a snub - enjoy yourself!

IntOv Family

Description IntOv Family

These are dangerous memory resident parasitic viruses. They hook INT 21h and infect COM and EXE files that are executed or opened. While infecting a file the virus writes its "loading" code (69h bytes) to the entry point of the file, then writes the rest of its code to the end of the file. When an infected file is executed, the virus loader reserves a block of the system memory, copies itself into there, gets the name of the host file and reads the rest of the virus code. Then the virus restores the code of the host file and releases the control.
The viruses infect only the COM files that contain the JMP NEAR (E9h) instruction at the beginning of the file. While infecting EXE files the viruses check the relocation table to prevent overlapping the virus loading code with relocated words.
The viruses have bugs and may halt the system while infecting a file. The viruses contain the text strings:
"IntOv.685":
COMEXEexecom
[IntOv]

"IntOv.708":
COMEXEexecom
[Internal Overlay, Tcp / 29A]

Home