Prevent Online Threats

Archive for June, 2006

8ball.

Thursday, June 29th, 2006

Details
8ball.a

This is a memory-resident multipartite virus that is not dangerous. When an infected file is executed, the virus copies itself into the HMA, hooks INT 40h, and then overwrites the boot sectors of floppy disks. When the system boots from an infected disk, the virus hooks INT 1Ah, waits for DOS to load, and then hooks INT 21h. On the first call to INT 21h, the virus creates a file with a randomly selected name on the C: drive and writes a copy of itself to that file. The virus then adds the string:
INSTALL=C:
to the end of the C:\CONFIG.SYS file. As a result, when the system boots from the infected C: drive, the virus receives control through the infected file. After infection, the virus restores INT 21h (removes itself from memory).
The virus uses anti-debugging tricks, issues some commands to the keyboard ports, and contains the text strings:
PK
INSTALL=C:c:\config.sys
8_Ball -=Q=-
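
The CONFIG.SYS change described above can be checked for with a short audit of INSTALL= directives. This is an added example, not code from the original page; the sample CONFIG.SYS, the file name QZKXWBTP and the list of expected programs are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample CONFIG.SYS; the last line mimics a directive appended
# to the end of the file that points at a randomly named file in C:\.
SAMPLE_CONFIG_SYS = """\
DEVICE=C:\\DOS\\HIMEM.SYS
DOS=HIGH,UMB
FILES=30
INSTALL=C:\\DOS\\SHARE.EXE /L:500
BUFFERS=20
INSTALL=C:\\QZKXWBTP
"""

# Assumption: programs the administrator expects to be loaded via INSTALL=.
EXPECTED_INSTALLS = {r"C:\DOS\SHARE.EXE", r"C:\DOS\KEYB.COM"}

INSTALL_RE = re.compile(r"^\s*INSTALL(?:HIGH)?\s*=\s*(\S+)", re.IGNORECASE)


def audit_config_sys(text, expected=EXPECTED_INSTALLS):
    """Return (line number, target, reasons) for each unexpected INSTALL= line."""
    lines = text.splitlines()
    last_nonblank = max((i for i, l in enumerate(lines) if l.strip()), default=-1)
    allowed = {p.upper() for p in expected}
    findings = []
    for idx, line in enumerate(lines):
        match = INSTALL_RE.match(line)
        if not match:
            continue
        target = match.group(1).upper()
        if target in allowed:
            continue
        reasons = ["not in expected list"]
        path = PureWindowsPath(target)
        # A target directly under the drive root matches the dropped-file pattern.
        if path.parent == PureWindowsPath(path.anchor):
            reasons.append("target in drive root")
        # The virus appends its directive, so it is the last non-blank line.
        if idx == last_nonblank:
            reasons.append("appended as last line")
        findings.append((idx + 1, target, reasons))
    return findings


if __name__ == "__main__":
    for lineno, target, reasons in audit_config_sys(SAMPLE_CONFIG_SYS):
        print(f"line {lineno}: {target} ({', '.join(reasons)})")
```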

Aref.67

Thursday, June 29th, 2006

Details
Aref.670

This is a memory resident parasitic virus. It hooks INT 21h and writes itself to the end of files that are executed. It infects COM files only.
It has an EXE infection routine, but this routine is never executed, and is partly erased by the encrypted text:
-= PERSIAN GULF =-
Hey you! Jump to the FIRE!
This is a VIRUS, By:Aref Karimi (Wizard) The Last days of 1375.
Be happy, he he
It also hooks INT 17h and 33h and disables the mouse and printing. On the 6th of any month, this virus erases the CMOS, then decrypts and displays the following message:
“Aref V.2.0” sends the greetings and
deep regards to U. he is looking for
someone to talk to, please contact to
the following EMAIL address :
Aref@REMOVED.CMOS.DATA !
Sig: Aref.K.1998 ;)

7son.25

Thursday, June 29th, 2006

Details
7son.253

This is a benign non-memory resident virus. It searches for all COM files in the current directory and writes itself to the end of the file. Sometimes it displays the message:
Seventh son of a seventh son

Aref.53

Thursday, June 29th, 2006

Details
Aref.533

This is a memory resident parasitic virus. It hooks INT 21h and writes itself to the end of files that are executed. It infects COM files only.
It has an EXE infection routine, but this routine is never executed, and is partly erased by the encrypted text:
-= PERSIAN GULF =-
Hey you! Jump to the FIRE!
This is a VIRUS, By:Aref Karimi (Wizard) The Last days of 1375.
Be happy, he he

66c.61

Thursday, June 29th, 2006

Details
66c.612

This is a very dangerous non-memory resident parasitic virus. It searches for .COM files, then writes itself to the end of the file. On December 25th, it terminates infected programs that are executed. On April 1st, it erases the files. The virus contains the internal text strings:
*.COM
66C

Arcv.33

Thursday, June 29th, 2006

Details
Arcv.335

These are not dangerous viruses. They search for COM and EXE files and infect them in a standard manner. Some of the “Arcv” viruses use polymorphic algorithms. These viruses contain the following text strings:
“Arcv.335”: [ARCV-6] Apache *.com
“Arcv.839”: [ARCV-5] Apache Warrior, ARCV. Pres.
“Arcv.541”: [ARCV-7] Apache ARCV. *.exe
“Arcv.562”: [X-1] ICE-9
“Arcv.639”: [ARCV93] ICE-9
“Arcv.651”: [ARCV-3] Apache Warrior.
“Arcv.664”: [ARCV-4] Apache Warrior, ARCV Pres. *.exe *.com
“Arcv.670”: Made in ENGLAND. [ARCVXMAS] by ICE-9 Released June 1992.
“Arcv.679”: Naughty, Naughtyall ARCV Productions Ltd. [ARCV-8] *.exe
“Arcv.693”: [ARCV-2] Apache Warrior, ARCV. Pres.
“Arcv.718”: [SOLOMoN] ICE-9
“Arcv.745”: [ARCV-9] Apache Warrior. *.com
“Arcv.773”: [Slime] By Apache Warrior, ARCV Pres.
Sliming around your PC,
I go make a sticky MESS over your Hard Drive!
“Arcv.795”: [SCROLL] ICE-9 ARcV \COMMAND.COM
“Arcv.795.b”: [X-2] ICE-9, -< ARCV >- Made in England.
Hi I’am called X-2, get my name right!
Look out for the X-3 twins.
“Arcv.826”: [ARCV-1] Apache Warrior, ARCV Pres.
“Arcv.827”: [ARCV-10] Apache Warrior.
“Arcv.839”: [FRIENDS] i486X
“Arcv.916”: [JO] By Apache Warrior, ARCV Pres.
“Arcv.916.b”: JO Exersiser Virus. Apache Warrior, ARCV Pres. [JOEXE]
“Arcv.965”: [Joshua]
“Arcv.986”: [JO] By Apache Warrior, ARCV Pres.
“Arcv.1060”: [X-3b] ICE-9 (c) 1992 ICE-9
Written Oct 1992 Look out 4 future Releases
“Arcv.1072”: [ReaperMan] Apache Warrior
“Arcv.1172”: [Sandwich] By Apache Warrior, ARCV Pres.
“Arcv.1208”: [SCYTHE] Apache Warrior, ARCV Pres.

“Arcv.795” scrolls up the screen.
On March 3rd, “Arcv.562” types the following messages:
ICE-9 Presents
In Association with
The ARcV
[X-1]
Michelangelo activates
-< TOMORROW >-

In January, “Arcv.639” types:
Happy New Year from the ARCV
Released 1 June 1992.
Made in England by ICE-9

In February, “Arcv.657” types the messages:
Yo.. I`ve Just Found a Virus.. Opps.. Sorry I`m the Virus.
Well let me introduce myself.. I am ARCV-3 Virus, by Apache Warrior.
Long Live The ARCV and Whats an Hard ECU?
Vote Yes to the Best Vote ARCV..

On May 9, “Arcv.664” types the messages:
So Who`s the Best Then?
Oh Well Sorry But The ARCV Are The Best!
Well Your in Favor with Us then.

In December, from the 20th until the 25th, “Arcv.670” types:
Happy Xmas from The ARCV.

In April, “Arcv.693” types:
Help.. Help.. I`m Sinking……..

“Arcv.718” types:
Hello Dr Sol.
&
Fido.
Lurve U lots
ICE-9
(c) 1992 ARCV.
P.S.
Apache sez Hi(Dos)

On June 15, “Arcv.826” types:
Long Live The ARCV. MUFC for the League!
(c) Apache Warrior, ARCV Pres. 92
Welcome to the REAL World. And the ARCV 1 Virus!

“Arcv.827” types:
Well its finally here The -= ARCV =-
Welcome To our New Members……….

On December 10, “Arcv.916” types:
Looking Good Slimline Joanna.
Made in England by Apache Warrior, ARCV Pres.
Jo Ver. 1.11 (c) Apache Warrior 92.
I Love You Joanna, Apache..

“Arcv.965” types:
—————————————————
? Guess what ??? ?
? You have been victimized by a virus!!! Do not ?
? try to reboot your computer or even turn it ?
? off. You might as well read this and weep! ?
—————————————————

“Arcv.986” displays:
This is Dedicated To the Girl I Love, Joanna Dicks.
Made in England by Apache Warrior, ARCV Pres.
Jo Ver. 1.01 (c) Apache Warrior 92.
I Love You Joanna, Apache..

“Arcv.1060” displays:
THE TWINS
[X-3a] & [X-3b]
ARE ON YOUR PC.
ICE-9

“Arcv.1072” displays:
Reaper Man.
(c) 92, Apache Warrior, ARCV Pres.

“Arcv.1172” displays:
Which ARCV Member Likes a
Sandwich?
Cheese, Beef Spread, Cucumber and Crisp
Corned Beef and Salad Cream
Jaffa Cake and Hamster on Rye
Is it A. Apache Warrior
B. ICE-9
C. Slartibartfast
Select a Letter:
Well you know you`re ARCV Members.
Bad Luck.. Better Luck Next Time.

On December 12, “Arcv.1208” displays:
This is the Scythe for Reaper Man.
Beware I`m Sharp!
Made in England by Apache Warrior, ARCV Pres.
Scythe Ver. 1.01 (c) Apache Warrior 92.
Reaper Man Swung The SCYTHE and the PC Died!

Arcv.Anna.742 and 745
It displays the message:
[ANNA] Slartibartfast, ARCV NuKE the French
Have a Cool Yule from the ARcV
xCept Anna Jones
I hope you get run over by a Reindeer
Santas bringin’ you a Bomb
All my Lurve - SLarTiBarTfAsT
(c) ARcV 1992 - England Raining Again

Arcv.Alpha.743
This is a dangerous non-memory resident encrypted parasitic virus. It searches for .COM files and writes itself to the end of each file. On March 5, it types
Youre PC has ALPHA virus.
Brought to you by the ARCV.
Made in ENGLAND.

and hangs the computer. It also contains the internal texts:
*.com *.*
[ALPHA] by ICE-9
Released July 1992.

Arcv.Benoit.1183
This is a dangerous memory resident encrypted parasitic virus. It hooks INT 21h, and infects .EXE-files upon opening or execution. Sometimes it types:
[BENOIT] ICE-9.
Made in Engalnd.

and hangs the computer. It also contains the internal text:
Release 5th November 1992 (c) 1992 ICE-9. Dedicated to Benoît B. Mandelbrot

Arcv.Ice
These are harmless non-memory resident parasitic viruses. They search for .COM files in the current directory and write themselves to the end of each file. “Arcv.Ice.250 and 330” encrypt themselves. These infectors contain the text string “*.COM” and the following strings:
“Arcv.Ice.159”: [159] ICE-9
“Arcv.Ice.199”: [199] ICE-9
“Arcv.Ice.224”: [224] ICE-9
“Arcv.Ice.250”: [250] ICE-9

In July, “Arcv.Ice.330” types: “[330] by ICE-9”.

Arcv.Ice.642 and 678
These are benign memory resident parasitic viruses. They hook INT 21h, and write themselves at the end of .COM-files that are opened or executed. At the beginning of January, they decrypt and display the message:
Happy New Year from the ARCV
Released 1 June 1992.
Made in England by ICE-9

They also contain the internal text: “[ARCV93] ICE-9 r51xP”.

Arcv.Joanna
This is a benign memory resident parasitic encrypted virus. It hooks INT 21h, and writes itself to the end of .COM-files executed or opened. Sometimes it types one of the following messages:
Looking Good Slimline Joanna.
Made in England by Apache Warrior, ARCV Pres.
Jo Ver. 1.11 (c) Apache Warrior 92.
I Love You Joanna, Apache..

It also contains the internal text string:
[JO] B_ Apache Warrior, ARCV Pres.

Arcv.More.649
This is a benign memory resident encrypted parasitic virus. It hooks INT 21h, and writes itself to the end of COM- and EXE-files executed. It types:
OH NO NOT MORE ARCV.

It also contains the internal text:
[MoRE] ICE-9

Arcv.Zaphod.399
This is a dangerous non-memory resident parasitic virus. It searches for .COM files in the current directory and writes itself to the end of each file. On February 28, it decrypts and types the message “Greetings from ZAPHOD.” and then hangs the computer.

Arcv.Dennis
This is a benign memory resident encrypted parasitic virus. It hooks INT 21h, and infects COM- and EXE-files upon their execution. Sometimes it types:
To Dennis Yelle You Need A Pay Rise!
McAfee Eat Lead……….

and crackles through the internal computer speaker. It also contains the internal text: “[Dennis-1] Apache Warrior, -= ARCV =- President.”.

Arcv.Mcwhale
This is a benign non-memory resident encrypted parasitic virus. It searches for COM- and EXE-files and writes itself at their end. It types:
………………………………..BEWARE!!!
…………………………..Anti-Virus…..Man
…..John…..McAfee…..wrote…..the…..WHALE…..virus!!!
…………………………HONEST!!!
………………………………

It also contains the internal text string:
by ABRAXAS - (c) 1992 Abraxas Warez

Arcs.119

Thursday, June 29th, 2006

Details
Arcs.1194

It is a harmless nonmemory resident parasitic virus. It searches for .COM files (except COMMAND.COM), then writes itself to the end of the file. The virus contains the text strings:
*.com
DOS \ARCS
V V2 ****

5lo.102

Thursday, June 29th, 2006

Details
5lo.1024

It is a harmless memory resident parasitic virus. It hooks INT 21h and when any program is executed or terminated, the virus searches for .EXE files in the current directory, then it writes itself to the end of the file. The virus contains the text:
92.05.24.5lo.2.23

4Seasons.153

Thursday, June 29th, 2006

Details
4Seasons.1534

It is a very dangerous memory resident parasitic virus. It hooks INT 13h, 14h, 21h and writes itself to the beginning of COM-files (except COMMAND.COM) that are executed. The virus deletes the CHKLIST.CPS file.
Depending on the system time, the virus erases the *.DAT files or disables printing. Depending on its internal counters, the virus disables the Create/Delete Directory and Set Time/Date DOS functions, slows down the PC, and erases disk sectors.
The virus contains the following text strings; the last one is encrypted:
.dat
chklist.cps
COMMAND
* THE FOUR SEASONS VIRUS * (C) WET, PARIS 1991 *
I HAD MUCH FUN WRITING THIS VIRUS, I HOPE YOU HAVE FUN WITH IT TOO!!
* MES AMITIES A PATRICIA M., JE T’EMBRASSE TRES FORT ET JE PENSE A TOI *

4re

Thursday, June 29th, 2006

Details
4res

This is a non-memory resident virus that is not dangerous. It writes itself to the end of .COM and .EXE files in the current directory and in the directories listed in the PATH string. On January 1st, it halts the computer. It contains the internal text strings:
4RESPATH=COMSPEC=*.COM
*.EXE
4RES

4on.134

Thursday, June 29th, 2006

Details
4on.1346

It is a harmless memory resident parasitic polymorphic virus. It hooks INT 21h and writes itself to the end of .EXE files that are accessed. It contains the text string:
4ON-\\*+>

3Y.85

Thursday, June 29th, 2006

Details
3Y.853

It is not a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of .COM files (except COMMAND.COM) that are executed. The virus displays the message:
¦_++ 3Y_06b.COM Ver0.6b Copyright 1992 3Y2H
-++_é+Å_Æôé¦é_é¦é+í R3Y_06a.EXEé+Å_Æôë_ò·é¦é_é+í

3tunes.178

Thursday, June 29th, 2006

Details
3tunes.1784

This is a benign memory resident parasitic polymorphic virus. It hooks INT 21h, and writes itself to the end of COM and EXE files that are executed or opened. In June, it also hooks INT 1Ch and plays three tunes (in DEMO press SPACE to run next tune).

3no

Thursday, June 29th, 2006

Details
3nop

This is a dangerous memory resident multipartite stealth virus. When the system boots from an infected floppy, it writes itself into the MBR of the hard drive. It then hooks INT 13h (as it does when loading from an infected hard disk) and monitors the disk read and write functions. On a read from a floppy, it infects the floppy’s boot sector; on a write to a floppy, the virus checks the first three bytes of the data buffer. If a JMP opcode (E9h) is present, the virus overwrites 200h bytes of the buffer with its own code. In this way the virus can insert itself into the beginning or middle of an executable file. When such a file is executed, the virus infects the MBR of the hard drive and returns to DOS. These files are not recoverable and should be deleted.

3E.38

Wednesday, June 28th, 2006

Details
3E.384

This is a harmless memory resident parasitic virus. It hooks INT 21h, and writes itself into the middle of EXE files that are closed. The virus does not manifest itself in any way.

