Prevent Online Threats

Archive for August, 2007

Manuel famil

Wednesday, August 29th, 2007

Details
Manuel family

These are memory resident parasitic viruses. They hook INT 21h and write themselves to the end of .COM files (except COMMAND.COM) that are executed or opened.
“Manuel.1155” searches for .COM files and infects them on DOS function GetDiskSpace (AH=36h) calls. While executing an infected file the virus infects the files from the list:
C:\DOS\FORMAT.COM
FORMAT.COM
C:\DOS\KEYB.COM
KEYB.COM

In some cases the viruses display the following messages while installing:
“Manuel.777”: Soy un Manuel Virus de tipo G
“Manuel.814”: Soy un Manuel Virus de tipo N
“Manuel.840”: Soy un Manuel Virus de tipo B
“Manuel.858”: Soy un Manuel Virus de tipo L
“Manuel.876”: Soy un Manuel Virus de tipo R
“Manuel.937”: Soy un Manuel Virus de tipo C
“Manuel.957”: Soy un Manuel Virus de tipo C
“Manuel.972”: Soy un Manuel Virus de tipo B
“Manuel.995”: Soy un Manuel Virus de tipo H
“Manuel.1155”: Soy un Manuel Virus de tipo H
“Manuel.1388”: Soy un Manuel Virus de tipo M

“Manuel.777,814,876” are not dangerous viruses; they do not manifest themselves in other ways.
“Manuel.840,972” are very dangerous viruses. Depending on their internal counters they delete the files instead of infecting them.
“Manuel.858” is not dangerous; depending on its internal counters it hooks INT 8 (timer) and delays on every timer tick.
“Manuel.937,957” erase CMOS memory.
“Manuel.995,1135” corrupt the disk sectors and display the message:
Manuel Virus: to repare HD, rotate rigth the sector (not the bytes)
number 2, head 0, of tracks 0 to length of this message

“Manuel.1388” plays a tune.
Manuel.2209
It is an encrypted virus. It infects both .COM and .EXE files. Depending on the system date the virus beeps with the PC speaker. While executing an infected file the virus receives control and infects the files:
C:\DOS\COMMAND.COM
\DOS\COMMAND.COM
\COMMAND.COM
COMMAND.COM

This virus also contains the text strings:
c:\dos\command.COM
Manuel strikes again

Manu.409

Wednesday, August 29th, 2007

Details
Manu.4096

It is a memory resident parasitic virus that is not dangerous. It hooks INT 21h and writes itself at the end of COM and EXE files that are executed. It contains the internal text strings:
Manu virus Version 1.0
Parity error 0000:F243

The last string may be displayed in future versions of the virus; in this version the corresponding branch is not activated.

Mantra.71

Wednesday, August 29th, 2007

Details
Mantra.719

It is a very dangerous nonmemory resident parasitic virus. It searches for .COM files, then writes itself to the end of the file. Depending on the system time the virus tries to erase the disk sectors and displays the message, but fails and halts the PC. The message is:
************************
* VALENTINE *
* HAS ENTERED! *
************************
This is the VALENTINE virus, 1.0 by Black Mantra

Manowar.59

Wednesday, August 29th, 2007

Details
Manowar.592

It is a dangerous memory resident encrypted parasitic virus. On execution it copies itself into memory at the address 9000:0000 without altering the MCB list; it will halt the computer. The virus hooks INT 21h and writes itself at the end of COM and EXE files that are accessed. It contains the internal text strings:
MANOWAR
(C)PK

Mania

Wednesday, August 29th, 2007

Details
Maniak

It is not a dangerous memory resident boot virus. It hooks INT 13h and overwrites the MBR of the hard drive and boot sector of floppy disks. On December 31st it decrypts and displays the message:
DEJ SI ASPON DNESKA POHOV, MANIAKU ! 31thDEC

Mango Famil

Wednesday, August 29th, 2007

Details
Mango Family

These are harmless nonmemory resident parasitic viruses. They search for .COM files, then write themselves to the end of the file. The viruses do not manifest themselves in any way.

Mangel.146

Tuesday, August 28th, 2007

Details
Mangel.1468

It is not a dangerous memory resident stealth parasitic virus. It hooks INT 21h and writes itself to the end of EXE files that are accessed. The virus deletes the anti-virus data files CHKLIST.MS and ANTI-VIR.DAT. The virus contains the text string:
mangel

Mandra famil

Tuesday, August 28th, 2007

Details
Mandra family

These are not dangerous memory resident parasitic viruses. They hook INT 21h and write themselves to the end of COM files that are executed.
Depending on the system timer the viruses display the messages:
“Mandra.533”: Mandragore for president !!!
“Mandra.562”: Mandragore’z sPirIt haunts ur computah !
“Mandra.664,669”: BEER and TEQUILA forever !’

The viruses also contain the text strings:
“Mandra.533”: Mandragore [Mdrg v3.7]
“Mandra.562”: Mandragore [Mdrg v4]
“Mandra.664,669”: Mandragore [Mdrg v5]
Error 8869: processor drunk 8*)
Eddy iz still alive somwhere in time all…

Mandra.866,886
These are memory resident encrypted viruses infecting EXE files that are opened or executed. The viruses write themselves to the end of files while infecting them. The viruses use undocumented DOS calls and have a bug in this part of the code: these functions are called incorrectly. As a result, if several files are open, or a file is executed while other files are open, the viruses can use wrong file offsets and corrupt files.
The viruses show a video effect: a running cow. The viruses also contain the strings:
[MAD COW]
Mandragore

Mand.106

Tuesday, August 28th, 2007

Details
Mand.1061

It is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files (except COMMAND.COM) that are accessed. The virus does not manifest itself in any way. There are two text words in the virus body that are used by the virus to detect the COMMAND.COM file:
MA ND

These words are the only reason for the virus's name.

Malmsey.495

Tuesday, August 28th, 2007

Details
Malmsey.495.a

This is a dangerous, non memory-resident parasitic virus. It searches for EXE files and writes itself to the end of each. Sometimes it infects files incorrectly and they hang upon execution. It contains the internal texts:
LM
Malmsey Habitat v. 2.0 Lucifer Messiah — ANARKICK SYSTEMS 07-18-92
Happy Birthday Pob!!

Malign Famil

Tuesday, August 28th, 2007

Details
Malign Family

These are not dangerous memory resident parasitic viruses. They hook INT 21h, and when the DOS functions GetDisk or SetDisk are executed the viruses search for COM files and write themselves at their beginnings. Sometimes they display the string: “Malign”. On a read/write error the virus “Malign.630” also displays: “Wait”.

Worm.Win32.Viking.a

Tuesday, August 28th, 2007

This malicious program is a worm. It is a Windows PE EXE file. It is 67,072 bytes in size.
Installation
When launched, the worm copies its executable file to the Windows root directory:
%WinDir%\Logo1_.exe
The worm also extracts the following file from its body to its working directory:…

Trojan-Spy.Win32.VB.f

Tuesday, August 28th, 2007

This Trojan logs the user’s keystrokes. It is a Windows PE EXE file. It is 28,672 bytes in size. This Trojan is written in Visual Basic.

Trojan-PSW.Win32.Lmir.a

Tuesday, August 28th, 2007

This Trojan is designed to steal confidential data. It is a Windows PE EXE file. The size of infected files may vary from 147KB to 171KB. It is packed using AsPack. It is written in Delphi.
Installation
Once launched, the Trojan copies itself to the Windows root directory (%WinDir%) under one…

Malatinec famil

Tuesday, August 28th, 2007

Details
Malatinec family

These are dangerous parasitic encrypted viruses. They write themselves to the end of COM and EXE files.
“Malatinec.1554” is a nonmemory resident virus. It searches for COM and EXE files and infects them. “Malatinec.2367” is memory resident; it hooks INT 21h. On the Load&Execute DOS call it searches for executable files and infects them. “Malatinec.3737” is also a memory resident virus; it infects files that are executed.
While infecting, the viruses rename the file to:
“Malatinec.1554”: FileName.M03
“Malatinec.2367”: FileName.M04

then infect it and rename it back to its original name. The viruses do not infect the files:
“Malatinec.1554”:
AVG AVP CLEAN GUARD IV NAV NOD SCAN TB VIRSTOP WEB HIEW

“Malatinec.2367”:
ADINF AVG AVP CLEAN DRWEB F- FINDVIRU FV GUARD IBMAV IV
NAV NOD SCAN TB TOOLKIT VIRSTOP VIVERIFY WEB HIEW

“Malatinec.3737”:
COMMAND AFD CHKDSK DOS4G HIEW KRNL SCANDISK WIN ADINF AIDS ANTI ASTA
AUTHOR AVAST AVG AVP AVSCAN BAIT CERT CLEAN CPAV CRC DRWEB F- FINDVIR FV86
FV386 GOAT GUARD IBMAV ICE IV MKS MSAV NAV NOD PAS QCV QMS SCAN TB TKUTIL
TOOLKIT V- VAC VDS VIR VIVERIFY VPCSCAN WEB

The viruses delete the files:
“Malatinec.1554”:
ANTI-VIR.DAT AVP.CRC CHKLIST.CPS CHKLIST.MS IVB.NTZ SMARTCHK.CPS

“Malatinec.2367”:
ANTI-VIR.DAT AVP.CRC CHKLIST.CPS CHKLIST.MS CHKLIST.TAV FINGERP.VVF
FSIZES.QCV IVB.NTZ NAV_._NO SMARTCHK.CPS _CHK.CHK

“Malatinec.3737”:
ADINF-?-all. ANTI-VIR.DAT AVG.GRS AVP.CRC CHKLIST.CPS CHKLIST.MS
CHKLIST.TAV CRCHECK.TXT FINGERP.VVF FSIZES.QCV ICE_?.CRC IM.PRM IVB.NTZ
MSAV.CHK NAV_._NO NODEX_?.DAT SMARTCHK.CPS _CHK.CHK

The viruses also contain the text strings:
“Malatinec.1554”:
Virus Malatinec v0.3
Note: this is evolutionary (beta) version only. Be Happy!
PATH=*.* COMEXEM03

“Malatinec.2367”:
Virus Malatinec v.0..W_Nreated by Aladiah
Greet: all my friends in Slovakia; G722,E10,H723,H118 & all H4??
(sch.yr.95/96) & of coz i send a big fuck 2 big boxer V.M.
Note: this is last evolutionary ( ) version. Don’t Worry! Watch out

“Malatinec.3737”:
[Malatinec] by Aladiah (C) 4/97
+ ¥ m , w+ + y u &pount; k¡ g ? ?!

Depending on the system time, “Malatinec.3737” also displays one of the messages:
Ked sa budes dobre ucit, dcerenka, stanes sa manekynkou.
Don’t dread! I’m friendly ghost :)
Critical Error - Use (MC) Hammer.
REALITY.SYS corrupted - reboot Universe ? [Y,n]
I’m INside. (what’s about your heuristic?)
Memory failed. Use paper.
Attention. High voltage on keyboard!
Prosím Vás, Zastavte HZDS !

