Prevent Online Threats

Archive for June, 2006

AAA.807

Friday, June 30th, 2006

Details
AAA.807

It is a harmless non-memory-resident parasitic virus. It searches for .COM files in the current directory, then writes itself to the end of each file. The virus contains the text strings:
*.COM
- AAA AAA AAA AAA AAA AAA AAA AAA.-

Arianna.3076

Friday, June 30th, 2006

Details
Arianna.3076

This is a parasitic, encrypted stealth virus. When an infected file is executed, it infects the MBR of the hard drive. When loading from an infected MBR, it hooks INT 1Ch, waits for DOS to load, then hooks INT 13h for its stealth algorithm on accesses to the infected MBR, and INT 21h to infect files. It writes itself to the end of EXE and COM files that are accessed. When an infected file is opened, the virus disinfects it.
Sometimes the viruses manifest themselves with a video effect and erase the original MBR sector (not the first hard drive sector, but the sector containing the original MBR that was saved while infecting the disk). The viruses contain the text strings:
Improved ARIANNA , waiting for ADVANCED 386
Bari @1995 by AV(ANTI)-VIRUS SYSTEM

A2Space.1315

Friday, June 30th, 2006

Details
A2Space.1315

This is a non-dangerous memory-resident parasitic virus. While installing itself into system memory it infects the C:\COMMAND.COM and \COMMAND.COM files. Then it hooks INT 17h and INT 21h and writes itself to the end of COM and EXE files that are executed. In July, on Tuesdays and Thursdays, the virus replaces ‘A’ and ‘a’ characters with spaces while printing. The virus contains the text string:
C:\COMMAND.COM

Arianna.2864

Friday, June 30th, 2006

Details
Arianna.2864

This is a memory-resident, multipartite, encrypted stealth virus. When an infected file is executed, it infects the MBR of the hard drive. When loading from an infected MBR, it hooks INT 1Ch, waits for DOS to load, then hooks INT 13h for its stealth algorithm on accesses to the infected MBR, and INT 21h to infect files. It writes itself to the end of EXE files that are accessed. When an infected file is opened, the virus disinfects it.
Sometimes the viruses manifest themselves with a video effect and erase the original MBR sector (not the first hard drive sector, but the sector containing the original MBR that was saved while infecting the disk). The viruses contain the text strings:
“ARIANNA VIRUS”HAS DONE A RECOVERABLE DAMAGE
GOOD LUCK FRIEND !!
+——————————————–+
| ARIANNA is changing your computer activity |
| If you wish no damage do not turn it off |
| ThanX for diffusion ! |
+——————————————–+
Coded in Bari thanX 2 DOS UNDOCUMENTED

A2Space.1268

Friday, June 30th, 2006

Details
A2Space.1268

This is a non-dangerous memory-resident parasitic virus. While installing itself into system memory it infects the C:\COMMAND.COM and \COMMAND.COM files. Then it hooks INT 17h and INT 21h and writes itself to the end of COM and EXE files that are executed. In July, on Tuesdays and Thursdays, the virus replaces ‘A’ and ‘a’ characters with spaces while printing. The virus contains the text string:
C:\COMMAND.COM

Ari.1962

Friday, June 30th, 2006

Details
Ari.1962

It is a non-dangerous, non-memory-resident parasitic virus. It searches for COM files and writes itself to the end of each. Infected files contain the following string in their headers:
Ari is a NARC

With probability 1/2 the virus displays the message:
Real Name: John A. Buchanan
Alias: Page, Jimmy Page, Aristotle
Home Phone: (804) 595-2672
Work Phone: (804) 857-6000
BBS Phone: Black Axis, (804) 599-4152
Address: 502 Hammond Street
City/State: Newport News, Virginia
Employer: Information Technology Solutions
Work Loc: 2551 East Elthoma
InMode: Unstable, Insecure
ExMode: Egoist, Braggart
Motivation: Power (or the appearance thereof)
Intelligence: Average (below average for computer underground)
Please Press Any Key To Continueall…….
Details:
John A. Buchanan, better known as Aristotle (or ARiSToTLE), is a member
of the ever-degrading Virus eXchange (VX) underground. Not a programmer
of any degree himself, he has relied on his mouth to gain a name in the
scene. Aristotle runs a BBS system dedicated to exchanging viruses, and
claims to be a member of NuKE, an elite underground group with a partial
focus in viruses. NuKE, however, seems to view him as a pest - at best.
For an occasional power-trip, Aristotle has been known to post real
information, including name, phone, etc. of virus writers to attempt to
scare them. He has allegedly given the same information to law-enforcement
agencies on several occasions, and seems to have been the cause of several
people’s arrests. This is the only way, it seems, that he can feel that
he has any power. He is also commonly inciting flame wars (arguments on
a very base level) for a similar purpose.
Please Press Any Key To Continue……….

A&A.506

Friday, June 30th, 2006

Details
A&A.506

It is a memory-resident, non-dangerous virus. It hooks INT 21h and INT 28h and infects COM files only. It manifests itself with a video effect.

Argentina.1249

Friday, June 30th, 2006

Details
Argentina.1249

This is a memory-resident, non-dangerous virus that hooks INT 21h and writes itself to the beginning of .COM files (except COMMAND.COM) when they are started. During infection the virus creates the file MOM.MOM, writes itself into this file, appends the file being infected to MOM.MOM, deletes that file and renames MOM.MOM to its file name. If COMMAND.COM is started, the virus checks the current date, and on May 25th, June 20th, July 9th and August 17th it displays one of the messages:
25 de Mayo Declaracin de la independencia Argentina
20 de Junio Dia de la bandera Argentina
9 de Julio Dia de la independencia Argentina
17 de Agosto Aniversario de la defuncin del Gral. San Martin

Then the virus displays:
Argentina Virus escrito por AfA - Virus benigno - ENET 35
Pulse una tecla para continuarall

This virus also contains the texts: “Argentina Virus 1.00”, “COMMANDCOM”, “:MOM.MOM”.

99percents

Friday, June 30th, 2006

Details
99percents

It is a very dangerous non-memory-resident encrypted parasitic virus. It searches for .EXE files and writes itself to the end of each file. On November 11th it overwrites the files with a program that, when the file is executed, displays:
Het 99%-virus heeft toegeslagen. . .
!This is my revenge E.V !
Originally released 6 April ‘92

Areopag.480

Friday, June 30th, 2006

Details
Areopag.480

It is a non-dangerous memory-resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed. Depending on the system timer, it disables the ChangeDir function. It contains the internal text string:
* Equus Trojanus v1.1 (C) AREOPAG No.15 *

92_69.1148

Thursday, June 29th, 2006

Details
92_69.1148

It is a non-dangerous, non-memory-resident parasitic virus. It searches for EXE files, then writes itself to the end of each file. On the 7th of each month it manifests itself with a video effect. The virus contains the internal text string:
92,69

Areg Family

Thursday, June 29th, 2006

Details
Areg Family

These are non-dangerous, non-memory-resident parasitic viruses. They search for COM files in the current directory and write themselves to the end of each. Then, with probability 1/8, they display a text message in Russian. They also contain the internal text string: “(C) 1993 AREG Soft”.

Malware Poses as WGA Notification

Thursday, June 29th, 2006

A new piece of malware called wgavn.exe has been discovered that poses as a Windows Genuine Advantage Notification. On execution, wgavn.exe creates a folder, C:\Windows\etc\, that contains a file named services.exe. Wgavn.exe copies itself to the \System32\ folder and gives this notification: “O23 - Service: Windows Genuine Advantage Validation Notification (wgavn) - Unknown owner - C:\WINDOWS\system32\wgavn.exe.” The malware disables antivirus software and attempts to contact several IP addresses. The ISP is being notified in an attempt to investigate these sites and IPs. It is still unknown how users are being infected with this malware.

8tunes

Thursday, June 29th, 2006

Details
8tunes

It is a non-dangerous memory-resident parasitic virus. It hooks INT 8 and INT 21h and writes itself to the end of COM (except COMMAND.COM) and EXE files that are executed. After the virus has been resident for 30 minutes, it plays 1 of 8 tunes. After 7 minutes, the virus plays another tune at random, and again every 7 minutes after that. The tunes are German folk songs.

Aref.890

Thursday, June 29th, 2006

Details
Aref.890

This is a memory-resident parasitic virus. It hooks INT 21h and writes itself to the end of files that are executed. It infects both COM and EXE files.
On Thursdays it also erases the CMOS, hooks INT 1Ch and, on each timer tick, displays the following message:
[ AREF V.3.0 ]
That is, the virus halts the computer and fills the screen with this message. If this text is modified in the virus code, the virus will erase the CMOS any time an infected program is executed. This virus also contains the text:
<< Towards a better tomorrow! >>

