Archive for October, 2006
Tuesday, October 31st, 2006
Details
Gollum.664
It is a non-dangerous, non-memory-resident parasitic virus. It searches for COM files (except COMMAND.COM) and writes itself to the end of each. Depending on the system timer, it decrypts and displays the message:
Nasssty little Hobbitssses!
We hatesss them!
We hatesss them all!
It also contains the internal text strings:
Gollum v1.00, by Thanatos
COMMAND.COM
Posted in Virus Threats | No Comments »
Tuesday, October 31st, 2006
Details
GoldBug
GoldBug is a non-dangerous memory resident multipartite stealth virus. It replicates only on 286 or later computers running DOS 5.0 or higher, and only if the user loads the operating system into UMB (Upper Memory Blocks).
The virus copies itself into the High Memory Area, hooks INT 13h and 21h, and infects the MBR of the hard drive, the boot sectors of 1.2M floppies, and EXE files that are accessed. When infecting files, the virus uses companion and polymorphic techniques.
This virus contains the internal text strings:
CHKLIST????
1O7=0SLMTA
The virus outputs the last string (backward) to the modem port: “ATMLS0=7O1”.
Tuesday, October 31st, 2006
Details
Goga.1660
It is a dangerous non-memory-resident virus. On execution it searches all subdirectories of the current drive for COM and EXE files and writes itself to the end of each. If there are *.DBF, *.PRG, *.FOX or *.KAR files, the virus encrypts their contents. On every execution the virus increments a counter that is saved in the MBR of the hard drive. Depending on the value of that counter, the virus reboots the computer. It also contains the internal text string “Goga”.
Tuesday, October 31st, 2006
Details
Godzina_II.1305
It is a non-dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of EXE files when they are executed or when their attributes are read or modified. Infected files end with the ID-word “SH”. Depending on the system time, the virus displays the message:
+----------------------------+
| Shaula 2.0 Godzina DUCHOW |
| Crtd by **** Piotrkow Tryb |
+----------------------------+
Tuesday, October 31st, 2006
Details
Godzina.1024
It is a non-dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of EXE files that are executed. On Sundays, when the system time is 22:xx, it sets the time to 23:xx, then decrypts and displays the message:
Chwieje sie lew,upada w mrok
chwytaja go demony
Szkarlatne skrzydla prezy smok
przez czarny wiatr niesiony
Rycerze wiecznym legli snem
bo Wielki Boj ich znuzyl
A w glebi gor przekletych,hen
szatanski roj sie budzi
GODZINA SMOKA ! Trupi chlod
strach krwawym lypie okiem
GODZINA SMOKA ! struchlal lud
ktorz oprze sie przed smokiem ?
Tuesday, October 31st, 2006
Details
Gobot family
These are very dangerous non-memory-resident encrypted overwriting viruses. They search for COM files in the current directory, overwrite them, display the following message and return to DOS:
Parameter value not in allowed range
If there are no COM files in the current directory, the viruses display the standard Windows error message:
WARNING!
The system is either busy or has become unstable. You can wait and
see if it becomes available again, or you can restart your computer.
* Press any key to return to Windows and wait.
* Press CTRL+ALT+DEL again to restart your computer. You will
lose unsaved information in any programs that are running.
Press any key to continue
The viruses also contain the strings:
GOBOT virus written 24th March 1997 in New Haven, CT
Tuesday, October 31st, 2006
Details
Goblin.1759
This is a benign memory resident encrypted multipartite stealth virus. It hooks INT 13h, 1Ch and 21h, writes itself to the end of EXE files that are accessed, and infects the MBR of the hard drive when an infected program is executed. Depending on the system date, it flips the screen by hooking INT 1Ch. By hooking INT 13h, it implements a stealth algorithm for accesses to the infected MBR. This virus contains the internal text string:
DELWIN
Tuesday, October 31st, 2006
Details
Goblin.1199
This is a benign memory resident encrypted multipartite virus. It hooks INT 13h, 1Ch and 21h, writes itself to the end of EXE files that are accessed, and infects the MBR of the hard drive when an infected program is executed. Depending on the system date, it flips the screen by hooking INT 1Ch. By hooking INT 13h, it implements a stealth algorithm for accesses to the infected MBR. This virus contains the internal text string:
GOBLIN
Tuesday, October 31st, 2006
Details
Gnat.753
It is a non-dangerous memory resident parasitic encrypted virus. It hooks INT 1Ch and 21h and writes itself to the end of EXE files that are executed or loaded as overlays. Sometimes it overturns the screen. It also contains the internal text string “GNAT 1.0”.
Tuesday, October 31st, 2006
This Trojan program is designed to steal a range of confidential information. It harvests information entered via the keyboard. It is a Windows PE EXE file. The file is 5,184 bytes in size. It is packed using FSG. The unpacked file is approximately 22KB in size.
Installation
When launched, the...
Tuesday, October 31st, 2006
This Trojan is designed to steal user passwords. It is a Windows PE EXE file. The file is 45,056 bytes in size. It is written in C++.
Tuesday, October 31st, 2006
Details
GmSpirit.2655
It is a non-dangerous memory resident polymorphic parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. The virus does not manifest itself in any way. The virus contains the text strings:
[GM.Spirit]
[v1.10]
[Author: Green Monster, Russia]
We live in XMSall
The virus uses many complex programming tricks:
- it stores its TSR copy in XMS memory and leaves in DOS memory just a small routine that hooks file execution, then allocates a block of DOS memory, copies the main virus body there from XMS, and executes it;
- when other programs are executed, the virus is able to move this routine in DOS memory;
- to intercept file execution, the virus scans the DOS kernel and patches the DOS handler code with a JMP_Virus instruction;
etc.
Tuesday, October 31st, 2006
Details
Gly.1182
It is a non-dangerous memory resident, partly encrypted parasitic virus. It writes itself to the end of .COM files. When an infected file is executed, the virus infects the C:\COMMAND.COM file, then hooks INT 21h and infects .COM files on the FindFirst/Next FCB DOS calls (DIR command). If an infected program is executed on May 25th at 13:xx, the virus displays the following message and plays a tune:
Happy birthday to you,Dear Yang !
The virus also contains the text strings:
G L Y Serial Number:
Tuesday, October 31st, 2006
Details
Glue.4000.a
It is a very dangerous memory resident multipartite virus. It writes itself to the end of .COM and .EXE files, to the MBR of the hard drive and to the boot sectors of floppy disks. The virus is encrypted in files. When infected disk sectors are accessed, the virus calls its stealth routine.
When an infected file is executed, the virus hooks INT 21h and stays memory resident. It then infects files that are executed or opened. Before infecting a file, the virus infects the current disk (the MBR in the case of a hard drive, or the boot sector in the case of a floppy disk). While infecting a disk, the virus overwrites the boot or MBR sector, then writes its code and the original boot/MBR sector to disk sectors that are then marked as bad. Reinfection of disks and files is possible. In some cases the virus corrupts the floppy disk boot sector while infecting it. The virus also has other bugs and may halt the system while infecting a file.
On FindFirst/Next DOS calls the virus calls its stealth routine and reports a decreased length for infected files. When the BACKUP.COM or CHKDSK.COM utilities are run, the virus disables that routine.
When loaded from an infected disk, the virus hooks INT 13h, waits for DOS to load, then hooks INT 21h and INT 9 (keyboard). The INT 9 handler contains a counter and increases it on every keystroke. When this counter reaches 10000, the virus starts to disable writing to disk (INT 13h) without any error message or return code. This corrupts files that are being written.
The variants of this virus contain the text strings:
“Glue.4000.a”:
COMEXEBACKUP.COMCHKDSK.COM
The Digital Glue (C) 1990,1991 by Eastern Digital
1900 Timi$oara
THE END
“Glue.4000.b”:
COMEXEBACKUP.COMCHKDSK.COM
Lipici (C) 1991 by Eastern Digital
1900 Timi$oara
Monday, October 30th, 2006
Details
Gluck.761
It is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of .COM files that are executed. The virus deletes the CHKLIST.MS file. If the name of the executed program is *WEB.*, the virus terminates execution and displays the message:
Error reading fat!
At midnight the virus “shakes” the screen and displays the message:
You iave a ¨GLUCK¨ !!!