Prevent Online Threats

Archive for June, 2006

33.52

Wednesday, June 28th, 2006

Details
33.525

This is a dangerous memory resident parasitic virus. It traces and hooks INT 21h, and writes itself to the end of COM files that are executed or searched for by the DOS FindFirst/FindNext (ASCII) functions. Infected files contain the word “33” at their end. The 10th generation of this virus reboots the computer.

2up.600

Wednesday, June 28th, 2006

Details
2up.6000

This is a dangerous memory resident parasitic encrypted stealth virus. It hooks INT 21h, and writes itself to the beginning of COM files and into the middle of EXE files that are executed or created. It compares the file names with the strings:
AID COMMAND ANTI AV HOOK SOS TSAFE -V SCAN NC VC TNT ADINF AID

and does not infect files whose names match. While infecting, the virus creates the file OBJXCREF.COM, writes itself into it, appends the body of the target file, and then renames it to the name of the file it is infecting.
The virus copies, into a reserved system area of the directory entries, the string:
2UP(C)1994

The virus also displays the text:
Hello BOBBY ! (BOBBY-Trash Soft & Hardware)

In some cases it overwrites files with the following message (a boxed ASCII-art banner in the original; only its text is reproduced here):
Attention all No smoking ! Stop Talking !
2(Two) Unlimited Programists presents: 2UP Virus Version 1.0
2UP
We’ll turn your life into nightmare

This virus also manifests itself with a video-effect, and contains the internal text strings:
Hullo ! Welcome to 2UP virus. Don`t try so hard!
Hallo Mr.Virusolog,now you decod me !
It’s about fucking time.What do you think about 2UP Virus ?
This Virus Was Designed in 1992-1994 .It Dedicated For Nobody..
I Want To BreakFree ! Right Now
.com.COMobjxcref.com
2UP(C)1994
.EXE.COM
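As an added defensive illustration (not code from the original page or from any anti-virus product), the following Python scan looks for the two plaintext infection traces that the 33.525 and 2up.6000 descriptions above name: the “33” tail marker on COM files, the 2UP strings, and the OBJXCREF.COM temporary file. The sample files and the finding labels are constructed here; the encrypted strings of the other families on this page would not be found by a plain search like this.

```python
"""Marker scan for the 33.525 / 2UP infection traces described on this page.
Added example: marker values are taken from the page's descriptions, the sample
files are constructed here. A hit is a triage indicator, not a verdict."""
import os
from typing import Dict, List

# 33.525 appends this to the end of every infected COM file.
COM_TAIL_MARKER = b"33"
# 2up.6000 carries these in clear text (per the description above).
KNOWN_STRINGS: Dict[bytes, str] = {
    b"2UP(C)1994": "2up.6000 copyright string",
    b"Hello BOBBY !": "2up.6000 display text",
}
# 2up.6000 builds its infected image in this file and renames it afterwards;
# a leftover copy suggests an interrupted infection (assumption, not from page).
TEMP_FILE_NAME = "objxcref.com"


def scan_bytes(name: str, data: bytes) -> List[str]:
    """Return a list of finding strings for one file image."""
    findings: List[str] = []
    lower = name.lower()
    if lower.endswith(".com") and data.endswith(COM_TAIL_MARKER):
        findings.append("33.525: COM file ends with '33' marker")
    if lower.endswith((".com", ".exe")):
        for marker, label in KNOWN_STRINGS.items():
            if marker in data:
                findings.append(f"2up.6000: contains {label}")
    if lower == TEMP_FILE_NAME:
        findings.append("2up.6000: leftover temporary infection file name")
    return findings


def scan_directory(path: str) -> Dict[str, List[str]]:
    """Scan every regular file in one directory; only files with hits are returned."""
    results: Dict[str, List[str]] = {}
    for entry in os.scandir(path):
        if entry.is_file():
            with open(entry.path, "rb") as fh:
                hits = scan_bytes(entry.name, fh.read())
            if hits:
                results[entry.name] = hits
    return results


# Constructed sample images (not real malware): a clean COM stub, a COM file with
# the 33.525 tail marker, an EXE carrying a 2UP string, and a leftover temp file.
SAMPLE_FILES: Dict[str, bytes] = {
    "CLEAN.COM": b"\xb8\x00\x4c\xcd\x21",
    "INFECTED.COM": b"\xe9\x00\x10" + b"\x90" * 16 + b"33",
    "TOOL.EXE": b"MZ" + b"\x00" * 32 + b"2UP(C)1994" + b"\x00" * 8,
    "OBJXCREF.COM": b"\x00",
}


def scan_samples() -> Dict[str, List[str]]:
    """Run scan_bytes over the constructed samples, keeping only files with hits."""
    return {n: h for n, d in SAMPLE_FILES.items() if (h := scan_bytes(n, d))}
```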

1stVir.317

Wednesday, June 28th, 2006

Details
1stVir.3173

This is a harmless, memory resident parasitic virus. It hooks INT 9, 13h, 1Ch, 21h, and 28h. The virus writes itself to the end of COM and EXE files. When a file is executed, the virus stores its name and infects that file later, on an INT 1Ch or INT 28h call; so the file is infected not at the moment it is executed, but with some delay.
The other hooked interrupt vectors serve the virus’s video effect: it changes the video mode, pages, cursor and mouse position, and displays the string “1st”.
The virus contains the encrypted text strings:
EXECOM
1stVIR

1stVir.303

Wednesday, June 28th, 2006

Details
1stVir.3032

This is a harmless, memory resident parasitic virus. It hooks INT 9, 13h, 1Ch, 21h, and 28h. The virus writes itself to the end of COM and EXE files. When a file is executed, the virus stores its name and infects that file later, on an INT 1Ch or INT 28h call; so the file is infected not at the moment it is executed, but with some delay.
The other hooked interrupt vectors serve the virus’s video effect: it changes the video mode, pages, cursor and mouse position, and displays the string “1st”.
The virus contains the encrypted text strings:
EXECOM
1stVIR

04h.63

Wednesday, June 28th, 2006

Details
04h.635

This is a harmless memory resident parasitic virus. It hooks INT 21h. On DOS calls FindFirst (AH=4Eh), it searches for COM files and writes itself to the beginning of the file. The virus contains the encrypted text strings:
04h Virus*.com

04h Famil

Wednesday, June 28th, 2006

Details
04h Family

These are harmless memory resident parasitic viruses. They hook INT 21h. On DOS FindFirst calls (AH=4Eh), they search for COM files and write themselves to the beginning of the file. The viruses contain the encrypted text strings:
“04h.609”: 04h Virus, (c) Enrico*.com
“04h.635”: 04h Virus*.com

Win98.Matya

Wednesday, June 28th, 2006

Details
Win98.Matyas

This is a primitive, non-memory resident parasitic virus. It searches for PE EXE files in the current directory, then writes itself to the end of the file. While spreading, the virus calls the Windows kernel directly through hardcoded addresses. These addresses are valid only in the Win98 standard edition, so the virus is unable to spread under other Win32 versions. When run under a Windows version other than Win98, the virus causes a standard “error in application” message.
The virus does not manifest itself in any way. It contains the text string:
Mŕtyŕs Corvinus kezdettall

10past3.

Wednesday, June 28th, 2006

Details
10past3.a

This is a dangerous, memory-resident parasitic virus. It hooks INT 9 and 21h, sets INT 1 and 3 to the HOLD RESET address, and writes itself to the end of COM files that are executed or loaded into memory for debugging or as overlays.
While creating its TSR copy, the virus does not modify the MCB chain and may halt the system. When INT 9 (keyboard) is called, the virus may change the keyboard flags.

Brazilian World Cup Controversy Trojan

Tuesday, June 27th, 2006

An email is being distributed about the big controversy between the Brazilian soccer coach and the President of Brazil over the health of team star Ronaldo. The email is in Portuguese and includes photos of Ronaldo and President Lula. The email encourages the reader to click on the attached file to view a video relating to the controversy. The attachment is actually a Trojan .exe file. Upon download, the file extracts itself and emulates a Microsoft software installation thus allowing it to alter firewall settings such that it can operate seemingly undetected. The application then attacks.

Macro.Word97.Titc

Tuesday, June 27th, 2006

Details
Macro.Word97.Titch

This virus contains only one macro, AutoClose, and replicates when a document is closed. It contains the comments:
Titch
An experiment in Macro programming ;)
Minimum stealth, no encryption, No payload, No mail replication
If you had looked you could have found and deleted it but..
You probably never knew it was here!

IRC-Worm.Krombe

Tuesday, June 27th, 2006

Details
IRC-Worm.Kromber

This worm spreads via IRC channels, and is 3584 bytes in size.
Propagation
When launched, the worm checks for an active IRC client on the victim machine. If it finds one, the worm sends a link to a remote site to all accessible IRC channels using the /amsg command:
http://www.kromberg.at/[censored]/show.php?f=drunkchicks.jpg LOL
It also attempts to set this link as the name of a channel and as comments to it.
If another user clicks on this link, the remote site is contacted. This site contains a malicious VBS script (detected by Kaspersky Anti-Virus as TrojanDropper.VBS.Inor.h), which installs and launches the worm’s executable file, named browsercheck.exe, on the victim machine.

Microsoft Security Assessment

Tuesday, June 27th, 2006

If you have a company with fewer than 1000 employees, Microsoft can offer you a free security assessment to enhance the security of your Information Technology department.

According to Microsoft, as soon as you fill out the report, you will immediately be able to view the assessment. You will also receive an in-depth report that gives you an idea of the current state of your IT security, along with industry-recognized best practices and recommendations to tighten down your security.

Anti Virus Market is Huge

Tuesday, June 27th, 2006

Want to know just how concerned consumers are about computer viruses and other threats? Just ask the Gartner Group, and they will tell you that anti-virus vendors’ revenue for last year hit 4 billion dollars.

They are in fact expecting major growth over the next couple of years because they see no end in sight to online threats. Gartner is also predicting that, with the entry of Microsoft into the anti-virus market, you can expect some healthy price competition, which I too agree is much needed.

Well, I’ll take a quick moment to remind you to make sure you are running an updated anti-virus program and that you have downloaded the latest virus definitions.

Constructor.VBS.Alama

Tuesday, June 27th, 2006

Details
Constructor.VBS.Alamar

This is a script-worm construction tool. It was used to create the “Anna Kournikova” and “Anthrax” viruses and the “Lee” and “VBSWG” virus families.
The constructor is able to create worms that replicate using e-mail and IRC channels (using the mIRC or pIRCh programs). The worms created using this constructor can also:
- start automatically with Windows
- copy themselves to system folders
- encrypt their code
- open pre-defined URLs
- show a pre-defined message or picture
- “halt” the operating system

There are more than 10 different versions of this constructor. Many of the viruses created by this generator contain bugs and do not work.

Google Hosting Trojan Horse

Monday, June 26th, 2006

Google’s web site hosting service was being used by hackers to host a malicious Trojan. Security company Websense warned that a Trojan horse was being hosted on a site with the same IP address as the main Google site. This Trojan is a “keylogger”: it is programmed to recognize when users go to bank sites and then records the users’ keystrokes. The company has not yet detected e-mails or IM links leading back to the Trojan. Luckily, it appears that it was caught before being launched.
