Details
Unknown_II.5559

It is a harmless memory resident polymorphic and stealth parasitic virus. When and infected file is executed, the virus decrypts itself, hooks INT 21h, 22h and executed the host file. To hook INT 21h the virus scans the DOS kernel, patches INT 21h DOS handler with bytes CDh 29h (INT 29h call) and patches INT 29h DOS handler with “JMP FAR Virus” instruction.
The virus traces INT 13h, 21h, 40h, gets their original addresses and uses them while infecting files. The virus infects COM and EXE files (except IBMBIO.COM and IBMDOS.COM) that are accessed. While infecting the virus writes itself to the end of files. On opening an infected file the virus disinfects it.
The virus contains the text strings:
IBMBIO IBMDOS
Unknown 1.0

Details
Unkempt.1342

It is a very dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed or opened. When a file is created, the virus checks the filename extension with the list:
DOC TXT PAS C H PRG TEX COB FOR MOD LIS CLA PRO DBF

and saves the file’s handle. While writing to these newly created files the virus depending on its counter replaces the random selected characters according to the strings:
szzsa?e¡i¢o£ugjEeAaIiUuOoyikcck1223344556677889
<>><= '":=&|!~/*+--+*/^/{ 12233445566778899104}

The odd characters are replaced with the even ones: 's' -> ‘z’, ‘<' -> ‘>’.
The virus also contains the text strings:
com
riS

Details
Union.1449

It’s a not dangerous not memory resident encrypted parasitic virus. It searches for EXE-files and writes itself to their ends. Depending on system date and time it manifests itself with a video effect. It contains an internal text string in Russian and:
UNION 2.0*.exe AIADSCNCPATH=

Details
Uniform

It is a harmless memory resident stealth boot virus. It reserved 1KB of the DOS memory, copies itself into there and hooks INT 13h. Then the virus writes itself to the MBR of the hard disk and boot sectors of the floppy disks. The virus saves the original MBR write into Track 0, Sector 3, Head 0. On floppy disks the virus writes the original boot sector to the last sector of the root directory. It calculates last sector of root directory with use of boot sector data.
The virus contains text “UNIFORM” at the beginning of virus code. This text is used by the virus to identify already infected disks. At the end of virus code it contains text “Rajaat”.

Details
Unhandled.424

It’s a not dangerous memory resident parasitic virus. It copies itself into Interrupt Vectors Table, hooks INT 17h, 1Ch, 21h and writes itself to the end of .COM-files that are accessed. It disables printing (INT 17h). Depending on its internal counter (INT 1Ch) it displays the message and reboots computer:
UNHANDLED SYSTEM ERROR #17 AT 0F00:0FFF

It also contains the internal text string:
aisaK

Details
Ungame_II.823

It is a dangerous memory resident parasitic virus. It hooks INT 10h, 21h and writes itself to the end of .COM files that are executed, opened or renamed and while closing newly created files. While switching to graphic video mode 13h the virus reboots the computer.

Details
Ungame_3.645

It is not a dangerous memory resident parasitic virus. It hooks INT 9, 21h and writes itself to the end of EXE files that are accessed. On each 4096th keystroke it turns the screen to Hercules video mode.

Details
Ungame Family

These are dangerous memory resident parasitic viruses which by standard manner infects COM- and EXE-files are started. The EXE-files are transferring to COM-format (see VACSINA). The viruses contain the internal text “UnGame(C)Dr” and hook INT 8, 21h. They manifests only while computer is working in graphic video mode: the viruses type “Come On, no. 51, You Time is Up.”, or change the color palette or the video mode, or shifts the contents of the screen, or resets the computer.

Details
Unexe.425

It’s a dangerous not memory resident parasitic virus. On execution it searches for .EXE-files and deletes the first one. Then it searches for .COM-files and writes itself to their ends. It contains the internal text string: “*.COM *.EXE”.

This malicious program is a Trojan. It is a Windows PE EXE file. It is 117248 bytes in size. It is packed using UPX. The unpacked file is approximately 280KB in size. This Trojan is written in Visual Basic. Installation Once launched, the Trojan creates a folder called "DETER177" in the Windows...

This Trojan is designed to increase the number of times a site appears to have been visited. It is a Windows PE EXE file. It is 5120 bytes in size. It is written in C++.

This Trojan is designed to increase the number of times a site appears to have been visited. It is a Windows PE EXE file. It is 1004 bytes in size. It is written in C++.

This exploit program uses an unpatched vulnerability in Internet Explorer which makes it possible to run random code on the victim machine. It is an HTML page which contains Visual Basic Script and Java Script scenarios. It is 1622 bytes in size.

This worm propagates by creating copies of itself on local disks and write-accessible network resources. It is a Windows PE EXE file. It is 163840 bytes in size. Installation Once launched, the worm copies its executable file to the Windows system directory: %System%\windata.exe The worm then...

This exploit program uses an unpatched vulnerability in Baofeng Storm which makes it possible to run random code on the victim machine. It is an HTML page which contains Visual Basic Script and Java Script scenarios. It is 7599 bytes in size.