Details
Lasky.129
These are harmless memory resident parasitic viruses. They hook INT 21h and write themselves to the beginning of COM files that are executed. The viruses do not manifest themselves, they contain the string “lasky”.
Details
Larry.491.a
It is not a dangerous memory resident parasitic virus. Being executed it copies itself into Interrupt Vectors Table and hooks INT 21h. Then it writes itself to the end of .COM and .EXE files that are executed. Sometimes it displays:
Larry on a Screen
Details
Laplata.1809
It is not a dangerous memory resident stealth parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are accessed. The virus also infects files that are being searched. It deletes anti-virus file ANTI-VIR.DAT, if it exists.
On 18 November the virus several times displays a text message.
The virus contains the text strings:
Virus La Plata v 2.1 (c) 9/97 Mean Mr. Mustard
> 19 de Noviembre - Viva La Plata <
Details
Lapiddan.457
These viruses infect SYS files, and write themselves to the end of the file. The viruses stay memory resident as device drivers that are loaded into the system memory during DOS installation. To infect the files the viruses hook INT 21h.
The viruses do not change driver’s Strategy and Interrupt addresses, but correct the NextDevice field - they save the offset of the virus code into there. As a result DOS loads any infected file as two different device drivers.
“Lapiddan.457″ is a harmless memory resident parasitic virus, it does not manifest itself in any way. This virus contains the text string:
lapiddan
“Lapiddan.649,1137″ on September 13th halt the computer and blink the screen and Num/Caps/Scroll Lock keys. They contain the texts:
“Lapiddan.649″: [ESQUILO] by Xavirus Hacker * Programmed in Paraguay
“Lapiddan.1137″: [XAVIER!] by Xavirus Hacker
“Lapiddan.1137″ also drops the “Xav.Xavier.367″ COM parasitic virus.
Details
Lapidario.766
These are very dangerous nonmemory resident encrypted parasitic viruses. They search for .COM files except COMMAND.COM, and write themselves to the end of the file. Then the viruses delete the CHKLIST.MS file. On 18th of any month the viruses erase the disk sectors, and display the messages:
“Lapidario.766,768″: Lapidario - V1.0 - Argentina 1993 -
“Lapidario.787″: Lapidario - Argentina 1993 -
Details
Lamour.2461
It is a very dangerous memory resident parasitic polymorphic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed, opened or accessed with FindFirst/Next DOS calls (both FCB and ASCII formats).
The virus has bugs and may halt the system while installing or while infecting files. On September 19th it erases the hard drive sectors. It contains the text string:
L’AMOUR v2.0 designed by NTUBL (National
Taiwan University Bacteriophage Lab)
Details
LamersSuprise.1282
It is not a dangerous nonmemory resident parasitic virus. It searches for EXE files and writes itself to the end of the file. It contains/displays the text string:
Lamers Suprise v1.00-
—Oh No!, All your files are as good as dead, Data files manipulated
(only slightly) and executables infected with a BIG FAT VIRUS.–YOU
FUCKING LAMER–
Details
Lamerman
It is a very dangerous memory resident multipartite virus. It infects the MBR of the hard drive and overwrites EXE files that are created or copied, i.e. the virus does not affect existing EXE files but newly created/modified files only.
When an infected file is executed the virus affects the MBR and halts the computer, while infecting the virus fools the BIOS virus protection by a simple keyboard trick. On rebooting the virus stays memory resident, hooks INT 13h and overwrites EXE files on writing to them.
The virus contains the text string:
Lamerman .01
Details
Lamento.2690
It is a very dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are accessed. While installing the virus also infects the C:\COMMAND.COM and C:\DOS\MODE.COM files. The virus checks the file name, and does not infect the files that begin with any of the strings:
PCVIR CENTINEL SCAN CLEAN VSHIELD ATM TB CPAV MSAV TNT FINDVIR VC VREMOVE
VSMENU VSCHK MM. KEYB.
On January 21st the virus sets the system date to January, 20th, then deletes C:\AUTOEXEC.BAT and C:\CONFIG.SYS files, renames to the random names all the files in subdirectories of C: drive:
\DOS \MSDOS \SYS \DRDOS \IBMDOS
\WINDOWS \WIN \WIN3 \WIN30 \WIN31 \WIN311
While processing Windows’ directories the virus looks also for SYSTEM subdirectory. Then the virus displays the messages:
Lamento tener que comunicarle que hoy es 21 de Enero all
… ha sido una cortes¡a de Woi
Details
Lamego.722
These are relatively harmless memory resident parasitic viruses. They hook INT 21h, and write themselves to the end of COM files that are executed. While installing into the system memory, the viruses also infect the C:\COMMAND.COM file. In August, the viruses decrypt and display the following message:
(C) Virús LAMEGO 1.0
Cópia de virús ilegal all
The viruses also contain the text strings:
C:\COMMAND.COM
*LAMEGO*
Details
KVS.1942
It is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are accessed. The virus does not infect file, if its name contains the letters: MM, ID or SC. On 31th the virus also hooks INT 1Ch and in some time decrypts and displays the message and halts the computer:
+————————————–+
¦ ¦
¦ Take Care of SoftWare all ¦
¦ KieViruSoft Data Product (c) 1994 . ¦
¦ ¦
+————————————–+
The virus also contains the text:
KieViruSoft (c) Ver1.0
Details
Kvapavka.879
It is not a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed. On 27 of any month the virus displays the message:
Kvapavka by SH-Software (c) 1995 v 1.2
The virus also contains the text strings:
I`love PC Revue ! I’NEED JOB !.*.COM Infector.>><<
Fuck of SPS Brezno.VIVAT Z./n.HronomFor M.Trnka SHSJ
Details
Kusumah.3968
This is relatively harmless memory resident encrypted parasitic virus. It hooks INT 8 and 21h, and writes itself to the end of COM and EXE files that are accessed. The virus searches for “COMMAND.COM” files, and infects them upon each accessing to executable files.
Some time after installation, the virus displays the following message:
Moslem Power Never End.(P) KuSuMaH’S ElEkTrO UnJaNi
On Fridays virus creates “GERILYA.COM” file and writes the program there. While executing, this program displays:
Gerilyawan Elektro UNJANI Bdg-Cmh. (C) KuSuMaH’S.
The virus sets new volume labels on floppy disks:
KUSUMAH S
The virus also contains the text string:
KUSUMAH S ) UNJANI, Bandung
Details
Kusumah.2588
This is relatively harmless memory resident parasitic virus. It hooks INT 8 and 21h, and writes itself to the end of COM and EXE files that are accessed. The virus searches for “COMMAND.COM” files, and infects them upon each accessing to executable files.
Some time after installation, the virus displays the following message:
+-< INGAT SHALAT.!! >-+
| UNIVERSITAS |
| JEND. ACHMAD YANI |
| ” E l e k t r o ” |
+———————+
| (C) KUSUMAH SASMITA |
+———————+
On Fridays virus creates “SELAMAT.COM” file and writes the program there. While executing, this program displays:
Create by: KUSUMAH SASMITA, UNJANI Bdg-Cmh all. Good Day !
The virus sets new volume labels on floppy disks:
KUSUMAH S
The virus also contains the text string:
KUSUMAH S ) UNJANI, Bandung
Details
Kustanai.2071
It is not a dangerous memory resident encrypted parasitic virus. It infects COM and EXE files. While infecting the virus encrypts and writes its code to the end of file, then writes decryption routine to the middle of file at random selected address, then modifies file header.
The virus intercepts LOGIN utility execution and stores all keystrokes that are entered during LOGIN’s run (to do that the virus uses INT 9 hook). While infecting next files the virus writes to the file’s end these keystrokes as well as its actual code. As a result the virus a) is able “to steal” network passwords; b) increases file length by VirusLength (2071 bytes) plus keystrokes buffer length (up to 255 bytes).
When an infected file is executed, the virus hooks INT 9, 21h and stays memory resident. By hooking INT 21h the virus runs its infection routine: it affects files that are executed, opened, renamed or created. When anti-virus programs AIDSTEST, ADINF, DRWEB, SCAN are executed, the virus temporary disables infection of file opening, but infects files when they are closed.
On 10th of any month the virus displays the message:
This is Kustanai-Login. Is devoted Kuzmina Olya. TVA-96 me 16!