Details
Glitter.1462
This is a not dangerous nonmemory resident encrypted parasitic virus. It searches for COM and SYS files, then writes itself to the end of the file.
On May 8, July 4, September 3, November 5 the virus displays the message:
Wish you a Happy Birthday Love Guess Who ?
The virus also contains the texts:
Glitter ver 1.03 , Coded by DDISARTHH, Hi Avi Guess Who?
Greetings From Siddharth, Mumbai 400 092
Details
Glitter.1207
This is a not dangerous nonmemory resident encrypted parasitic virus. It searches for COM and SYS files, then writes itself to the end of the file.
The virus also contains the texts:
Glitter ver 1.0 , Coded by Siddharth. SID IS IN YOUR RAM CHIPS
Greetings From Siddharth Bombay-92
Details
Gliss.1247
It’s a not memory resident not dangerous virus which searches for a .COM-files on the A: drive and infects them by standard way. It contains the text “*.COM” and types:
Dies ist ein Demonstrations-Computervirus !
So gerade eben wurde das Program :
von diesem Virus befallen. Der VIRUS hängt
sich an alle Files - in Laufwerk A - mit der
Extention .COM an. Die Programme bleiben
aber ablauffähig.
Falls Sie Fragen zu Computerviren oder Datensicherheit und
Datenschutz beim Einsatz von Personal Computer haben, fordern
Sie unsere Informationsbroschüre :
- Der sichere und kontrollierbare PC -
an.
Gliss & Herweg GmbH
Augustinusstraße 7-11
D-5020 Frechen-Königsdorf
Alle Com - Programme in Laufwerk A sind mit diesem VIRUS schon infiziert !
Details
Glew.4283
This is a very dangerous memory resident parasitic polymorphic virus. It hooks INT 21h and writes itself to the end of EXE files that are executed, opened or closed. The virus does not infect several anti-virus programs (TBAV, FVIRU, F-PROT, AVP, e.t.c.) and COMMAND.COM according to the string:
TB FV F- VS AV VIR HIE OOLK UARD SCAN CLEA MMAN
The virus intercepts KEY and SIG files opening, looks for some program in the memory (anti-virus?) and patches its code.
On January 3, 9 and on July 19 the virus erases the hard drive sectors and displays the message:
A la Memoria de Cevallitos
-= RATA de GLEW virus =-
Details
Glew.4245
This is a very dangerous memory resident parasitic polymorphic virus. It hooks INT 21h and writes itself to the end of EXE files that are executed, opened or closed. The virus does not infect several anti-virus programs (TBAV, FVIRU, F-PROT, AVP, e.t.c.) and COMMAND.COM according to the string:
TB FV F- VS AV VIR HIE OOLK UARD SCAN CLEA MMAN
The virus intercepts KEY and SIG files opening, looks for some program in the memory (anti-virus?) and patches its code.
On January 3, 9 and on July 19 the virus erases the hard drive sectors and displays the message:
A la Memoria de Cevallitos
-= RATA de GLEW virus =-
Details
Glemp.877
It’s a dangerous not memory resident parasitic virus. It searches for .COM-files and writes itself to their ends. It contains the internal encrypted text string:
*.com
C:\DOS\COMMAND.COM
On September, 1st and November 1st it decrypts and displays the message and then erases the disk sectors:
HUJ GLEMP and his fucking
friends formatting Your Hard Disk NOW !
Podziekuj pierdolonemu kosciolowi.
This Trojan logs the user’s keystrokes. It is a Windows PE EXE file. It is written in Visual C++. The packed file is approximately 12KB in size. It is packed using ASPack. The unpacked file is approximately 20KB in size.
Installation
Once launched, the Trojan copies itself to the…
Details
Gle.848
It is a dangerous memory resident virus that by standard way infects every started 10th EXE-file. It hooks INT 21h. On December, 24th it displays the text: “Gleîileg jól” and stops any file execution.
Details
Gkchp.800.b
This is a dangerous encrypted parasitic virus. It writes itself at the end of COM and EXE files. On August, 19th it reboots the system. These virus contains the internal texts:
*.COM *.EXE *. âèùÅ
Details
Gkchp.800
This is a dangerous memory resident encrypted parasitic virus. It writes itself at the end of COM and EXE files. It hooks INT 21h to intercept execution of the files. On August, 19th it deletes the files. These virus contains the internal texts:
âèùÅ Commonwealth of Independent States
Details
GK.7697
It is a dangerous memory resident highly polymorphic and stealth multipartite virus. It infects the MBR of the hard drive, boot sector of 1.4Mb floppy disks and writes itself to the end of COM and EXE files that are accessed. The virus uses its polymorphic and stealth abilities for boot sectors as well as for executable files. When ARJ, LHA or PKZIP archivers or CHKDSK utility is active, the virus temporary disables its stealth routines.
To intercept system events the virus hooks INT 13h, 21h, 29h. While installing memory resident and infecting the virus uses several tricks, patches DOS kernel and accesses undocumented internal DOS structures. The virus has bugs and in some cases halts the system while installing memory resident.
The virus infects the MBR of the hard drive only if an infected program is executed for the first time in DOS box under MS Windows. The virus hooks INT 13h and infects floppy disks only after booting from infected hard drive. While infecting the virus stores the original MBR code in second sector on the hard drive and original boot sector on extra formatted track (80th). The virus corrupts the Disk Partition Table in the MBR, so the hard drive will be not available after booting from clean system disk or after repairing with FDISK/MBR.
The virus contains the text:
Unknown (c) 1997 G.K. Poland
Details
Gisela.702
It is not a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed. While installing memory resident the virus also infects the C:\COMMAND.COM file. On January 21th the virus decrypts and displays the message:
Virus GISELA 2.0 By EJECUTOR (Hecho en Argentina)
Feliz cumpleaños Gisela.
Details
Girls.1829
It’s a not dangerous not memory resident parasitic virus. It searches for .COM- and .EXE-files and writes itself to their ends. Depending on the system date it displays the message:
I love you, girls ! You are so beautiful !
then it hooks INT 1Ch and plays the tune.
Details
Gene.1437
It is a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of .EXE files that accessed by FindFirst/Next FCB DOS functions (DIR command). While installing memory resident the virus access DOS kernel in not accurate way and may halt the system. The virus contains the text:
Gene_1991_in DUT (Dalian China)
Details
GencVir.1000
It’s a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM-files that are executed. It contains the internal text string: “GencVir (C) 1993 by HACKER”. On October, 10th it decrypts the message and writes it (INT 21h/AH=40h) in random selected handle:
Ey Turk gencligi!
Birinci vazifen Turk istiklalini,Cumhuriyetini,ilelebet,muhafaza ve mudafaa
etmektir. Mevcudiyetinin ve istikbalinin yegane temeli budur.Muhtac oldugun
kudret,damarlarindaki asil kanda,mevcuttur
M.Kemal ATATURK