Prevent Online Threats

Archive for January, 2007

Trojan-Downloader.Win32.Small.dam

Wednesday, January 31st, 2007
This Trojan downloads other malicious programs from the Internet and launches them on the victim machine. The program itself is a Windows PE EXE file. The file size may vary significantly. This Trojan was originally sent as spam. Infected messages: Message subject (chosen at random from the...

Email-Worm.Win32.Zhelatin.a

Wednesday, January 31st, 2007
This worm spreads via the Internet as an attachment to infected messages. Infected messages will be sent to all email addresses harvested from the victim machine. The worm itself is a Windows PE EXE file. The file size may vary significantly. The file is packed using UPX. Installation When...

Lazarus.222

Tuesday, January 30th, 2007

Details
Lazarus.2222

It is a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed or opened. It does not infect COMMAND.COM or several anti-virus programs. When it is run for the first time, it infects the following files, if they exist:
C:\DOS\FORMAT.COM
C:\WINDOWS\COMMAND\FORMAT.COM
C:\WIN95\COMMAND\FORMAT.COM

The virus deletes anti-virus data files:
ANTI-VIR.DAT, CHKLIST.CPS, CHKLIST.MS, QHCHK.INF

While infecting, the virus sets the INT 24h error handler (the one invoked on a write to a write-protected disk) to an incorrect address, which may crash the system.
On June 2nd the virus displays a message in the center of the screen and waits for a keystroke. The message looks as follows:
++ +—+ +—+ +—+ +—+ ++ + +—+
|| |+–| +—+ |+–| |+–+ || | +—+
+—+ ++ + +—+ ++ + ++ + +—+ +—+
-= LaZaRuS.2222 (c) The Shaitan/[MenACE] =-

The virus also contains the text strings:
Quick Heal? HA HA HA!
Interestingall Huh, Kishin F.?
Greetz to all members of [MenACE]: Hitech Redneck, Cyborg,
The Snake, AaronsGWC & The Shaitan!’

Trojan-Downloader.Win32.Nurech.ab

Tuesday, January 30th, 2007
This Trojan downloads other malicious programs from the Internet and launches them on the victim machine without the user's knowledge or consent. The program itself is a Windows PE EXE file. It is not packed in any way. It is 6881 bytes in size. It is written in Visual C++.

Lazarus.145

Tuesday, January 30th, 2007

Details
Lazarus.1457

This is a benign memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed or opened. It does not infect the files: COMM???.*, WIN.*, F-PR??.*, VIRS???.*, TBAV.*, SCAN.*, MSAV.*, CPAV.*, CLEA?.*. On start it also infects one and following files: C:\DOS\FORMAT.COM, C:\WINDOWS\COMMAND\FORMAT.COM, C:\WIN95\COMMAND\FORMAT.COM, and deletes the files: ANTI-VIR.DAT, CHKLIST.CPS, CHKLIST.MS. When the MEM.EXE utility is run, the virus hides its block of memory. The virus contains the text string:
The Lazarus Virus (c) ‘98 The Shaitan/SLAM

Lawine.244

Tuesday, January 30th, 2007

Details
Lawine.2449

It is not a dangerous memory resident encrypted stealth parasitic virus. It hooks INT 13h, 21h and writes itself to the end of COM and EXE files that are executed. On selecting a new directory, the virus searches for COM files there and infects them. The virus disables its stealth and infection routines when files with several hard-coded lengths are executed (anti-virus scanners?). The virus also does not infect the anti-virus programs:
F-PR,TBAV,SCAN,MSAV,CPAV,TBME,TBFI,TBSC

The virus contains the text strings:
allGravenreuth says: Gotcha !…. …LAWINE was written in
Germany ‘94…Greetings to NB…

LAVI.78

Monday, January 29th, 2007

Details
LAVI.789

These are not dangerous memory resident encrypted parasitic viruses. They hook INT 21h and write themselves to the end of COM-files that are executed or opened. They contain the internal text string:
[LAVI 1.0] (c)1994 FaTHer MaC

and/or:
“FatherMac.1445”: [LASNEEZE SNEEZE SNEEZE SNEEZE
“FatherMac.1495”: [LABARF BARF BARF BARF BARF HI
“FatherMac.1536”: TE GUSTA TU NUEVO BOOT RECORD??, CORTESIA DE ANTI-RA
c:\RA\RA*.*

Depending on the system date and time, some of the “FatherMac” viruses beep with the PC speaker and/or display the messages:
“FatherMac.789,836”: Poner aca el texto deseado
“FatherMac.838”: I feel a sickness coming on!
“FatherMac.1445,1495”: Cough Cough Cough Cough Ch
“FatherMac.1470”: Poner aca el texto deseado

Depending on the system date and time, “FatherMac.789” prints the screen (INT 5).
“FatherMac.1496” manifests itself with a sound effect.
“FatherMac.1536” erases disk sectors.

LAVI.78

Monday, January 29th, 2007

Details
LAVI.789

These are not dangerous memory resident encrypted parasitic viruses. They hook INT 21h and write themselves to the end of COM files that are executed or opened. The viruses contain the text string:
[LAVI 1.0] (c)1994 FaTHer MaC

and/or:
“LAVI.1445”: [LASNEEZE SNEEZE SNEEZE SNEEZE
“LAVI.1495”: [LABARF BARF BARF BARF BARF HI
“LAVI.1536”: TE GUSTA TU NUEVO BOOT RECORD??, CORTESIA DE ANTI-RA
c:\RA\RA*.*
“LAVI.F5”: SaLuDoS a KaLo!
?___k|-_|_Ü$ ?5 _1.0ß (-)?_ß1994 [_?_$TÇ]
C:\AUTOEXEC.BAT C:\CONFIG.SYS
“LAVI.USA”: [USA 94] (c)1994 ANuBiS
-USA 94-

Depending on the system date and time, some of the “LAVI” viruses beep with the PC speaker and/or display the messages:
“LAVI.789,836”: Poner aca el texto deseado
“LAVI.838”: I feel a sickness coming on!
“LAVI.1445,1495”: Cough Cough Cough Cough Ch
“LAVI.1470”: Poner aca el texto deseado

Depending on the system date and time, “LAVI.789” prints the screen (INT 5).
“LAVI.1496” manifests itself with a sound effect.
“LAVI.1536” erases disk sectors.
“LAVI.F5” deletes the C:\AUTOEXEC.BAT and C:\CONFIG.SYS files.

Lauren.61

Monday, January 29th, 2007

Details
Lauren.615

These are not dangerous nonmemory resident parasitic viruses. They search for COM files, then write themselves to the end of the file. The viruses check the system date and on May 32nd (!) intend to display the following message and halt the computer:
[Lauren] Virus 0.1b
Dedicated with love to Laurenall.
Have fun in NYC sweetums!!! *snuggles*
Love,
Cody

The viruses also contain the text string:
*.COM .. TBAV

Laufwer

Monday, January 29th, 2007

Details
Laufwerk

It is a harmless nonmemory resident companion virus. It searches for .EXE files in the subdirectory tree of a randomly selected disk, renames the file that is found to a randomly selected name, and writes itself in place of the original file.
When executed, the virus searches for the files and infects them, then executes the host file that was renamed. This virus contains the text strings:
.exe Laufwerk:
Runtime error at .
Portions Copyright (c) 1983,90 Borland

Lation.89

Monday, January 29th, 2007

Details
Lation.897

It is a dangerous nonmemory resident parasitic virus. It searches for .EXE files, then writes itself to the end of the file. The virus also searches for some non-EXE files and patches (corrupts?) them. The virus contains the text string:
fUCKUp(C++), by 1997

Later.98

Monday, January 29th, 2007

Details
Later.987

This is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the beginning of COM and to the end of EXE files that are executed or opened. While installing itself into memory, before returning to the host program, the virus disinfects the host file. If the installed DOS version is lower than 3.0, the virus displays on Sundays:
TRANSPLANT & NETWARE

Later.98

Monday, January 29th, 2007

Details
Later.981

This is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the beginning of COM and to the end of EXE files that are executed or opened. While installing itself into memory, before returning to the host program, the virus disinfects the host file. If the installed DOS version is lower than 3.0, the virus displays:
This program required MS-DOS 3.00 or later

Later.95

Monday, January 29th, 2007

Details
Later.959

This is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the beginning of COM and to the end of EXE files that are executed or opened. While installing itself into memory, before returning to the host program, the virus disinfects the host file. If the installed DOS version is lower than 3.0, the virus displays:
Incorrect DOS version

Late.24

Monday, January 29th, 2007

Details
Late.248

It is not a dangerous nonmemory resident parasitic virus. It searches for .COM files and writes itself to the end of the file. From midnight till 4:00 it displays the message:
Get some sleep, will ya? - Late Night Virus - Jack Damn

