Prevent Online Threats

Unknown_II.555

May 16th, 2008

Details
Unknown_II.5559

It is a harmless memory resident polymorphic and stealth parasitic virus. When an infected file is executed, the virus decrypts itself, hooks INT 21h and 22h, and executes the host file. To hook INT 21h, the virus scans the DOS kernel, patches the DOS INT 21h handler with the bytes CDh 29h (an INT 29h call), and patches the DOS INT 29h handler with a “JMP FAR Virus” instruction.
The virus traces INT 13h, 21h and 40h, gets their original addresses and uses them while infecting files. The virus infects COM and EXE files (except IBMBIO.COM and IBMDOS.COM) that are accessed. While infecting, the virus writes itself to the end of the file. When an infected file is opened, the virus disinfects it.
The virus contains the text strings:
IBMBIO IBMDOS
Unknown 1.0

  • Unkempt.134

    May 16th, 2008

    Details
    Unkempt.1342

    It is a very dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed or opened. When a file is created, the virus checks the filename extension against the list:
    DOC TXT PAS C H PRG TEX COB FOR MOD LIS CLA PRO DBF

    and saves the file’s handle. When data is written to these newly created files, the virus, depending on its counter, replaces randomly selected characters according to the strings:
    szzsa?e¡i¢o£ugjEeAaIiUuOoyikcck1223344556677889
    <>><= '":=&|!~/*+--+*/^/{ 12233445566778899104}

    The characters in odd positions are replaced with the ones in even positions: ‘s’ -> ‘z’, ‘<’ -> ‘>’.
    The virus also contains the text strings:
    com
    riS

  • Union.144

    May 16th, 2008

    Details
    Union.1449

    It is a not dangerous, non-memory-resident, encrypted parasitic virus. It searches for EXE files and writes itself to the end of them. Depending on the system date and time, it manifests itself with a video effect. It contains an internal text string in Russian and:
    UNION 2.0*.exe AIADSCNCPATH=

  • Unifor

    May 16th, 2008

    Details
    Uniform

    It is a harmless memory resident stealth boot virus. It reserves 1KB of DOS memory, copies itself there and hooks INT 13h. Then the virus writes itself to the MBR of the hard disk and to the boot sectors of floppy disks. The virus saves the original MBR to Track 0, Sector 3, Head 0. On floppy disks the virus writes the original boot sector to the last sector of the root directory. It calculates the last sector of the root directory using the boot sector data.
    The virus contains the text “UNIFORM” at the beginning of its code. This text is used by the virus to identify already infected disks. At the end of its code the virus contains the text “Rajaat”.

  • Unhandled.42

    May 16th, 2008

    Details
    Unhandled.424

    It is a not dangerous memory resident parasitic virus. It copies itself into the Interrupt Vector Table, hooks INT 17h, 1Ch and 21h, and writes itself to the end of .COM files that are accessed. It disables printing (INT 17h). Depending on its internal counter (INT 1Ch), it displays the following message and reboots the computer:
    UNHANDLED SYSTEM ERROR #17 AT 0F00:0FFF

    It also contains the internal text string:
    aisaK

  • Ungame_II.82

    May 15th, 2008

    Details
    Ungame_II.823

    It is a dangerous memory resident parasitic virus. It hooks INT 10h and 21h and writes itself to the end of .COM files that are executed, opened or renamed, and to newly created files when they are closed. When the system switches to graphics video mode 13h, the virus reboots the computer.

  • Ungame_3.64

    May 15th, 2008

    Details
    Ungame_3.645

    It is a not dangerous memory resident parasitic virus. It hooks INT 9 and 21h and writes itself to the end of EXE files that are accessed. On every 4096th keystroke it switches the screen to Hercules video mode.

  • Ungame Famil

    May 15th, 2008

    Details
    Ungame Family

    These are dangerous memory resident parasitic viruses that infect COM and EXE files in the standard manner when they are started. The EXE files are converted to COM format (see VACSINA). The viruses contain the internal text “UnGame(C)Dr” and hook INT 8 and 21h. They manifest themselves only while the computer is working in a graphics video mode: the viruses display “Come On, no. 51, You Time is Up.”, change the color palette or the video mode, shift the contents of the screen, or reset the computer.

  • Unexe.42

    May 15th, 2008

    Details
    Unexe.425

    It is a dangerous, non-memory-resident parasitic virus. On execution it searches for .EXE files and deletes the first one. Then it searches for .COM files and writes itself to the end of them. It contains the internal text string: “*.COM *.EXE”.

  • Trojan-Downloader.Win32.VB.bnp

    May 15th, 2008
    This malicious program is a Trojan. It is a Windows PE EXE file. It is 117248 bytes in size. It is packed using UPX. The unpacked file is approximately 280KB in size. This Trojan is written in Visual Basic. Installation: Once launched, the Trojan creates a folder called "DETER177" in the Windows...

  • Trojan-Clicker.Win32.Tiny.a

    May 15th, 2008
    This Trojan is designed to increase the number of times a site appears to have been visited. It is a Windows PE EXE file. It is 5120 bytes in size. It is written in C++.

  • Trojan-Clicker.Win32.Tiny.b

    May 15th, 2008
    This Trojan is designed to increase the number of times a site appears to have been visited. It is a Windows PE EXE file. It is 1004 bytes in size. It is written in C++.

  • Exploit.VBS.Phel.dd

    May 15th, 2008
    This exploit program uses an unpatched vulnerability in Internet Explorer which makes it possible to run arbitrary code on the victim machine. It is an HTML page which contains VBScript and JavaScript scripts. It is 1622 bytes in size.

  • Worm.Win32.Bomzh.b

    May 15th, 2008
    This worm propagates by creating copies of itself on local disks and write-accessible network resources. It is a Windows PE EXE file. It is 163840 bytes in size. Installation: Once launched, the worm copies its executable file to the Windows system directory: %System%\windata.exe. The worm then...

  • Exploit.JS.Agent.bl

    May 15th, 2008
    This exploit program uses an unpatched vulnerability in Baofeng Storm which makes it possible to run arbitrary code on the victim machine. It is an HTML page which contains VBScript and JavaScript scripts. It is 7599 bytes in size.
