Prevent Online Threats

Archive for August, 2007

Malaga.238

Monday, August 27th, 2007

Details
Malaga.2385

This is a harmless memory resident multipartite virus. It hooks INT 8, 13h, 21h and writes itself to the end of COM and EXE files except COMMAND.COM. The virus also infects the boot sector on floppy disks as well as on the C: drive. The virus writes the original boot sector and the rest of the virus code to the last sectors of the drive.
The virus decrypts and displays the texts:
HB=ETA=ASESINOS
PENA DE MUERTE AL TERRORISMOKI
VIVA ESPA
It also contains the text:
*.EXE *.COM COMMAND.COM

Mal famil

Monday, August 27th, 2007

Details
Mal family

These are very dangerous non-memory-resident overwriting viruses. They search for .EXE files in the current and parent directories and overwrite them. The viruses then search for *.INI files in the \WINDOWS directory and also overwrite them. They contain the text string:
*.EXE *.INI \WINDOWS

Major Famil

Monday, August 27th, 2007

Details
Major Family

These are dangerous memory resident encrypted parasitic viruses. They hook INT 8, 21h and write themselves to the end of EXE files that are executed. At a randomly selected moment these viruses open the BBS files:
“Major.1644”: \BBSV6\BBSAUDIT.DAT, \BBSV6\BBSUSR.DAT
“Major.1691”: C:\BBSV6\BBSAUDIT.DAT, C:\BBSV6\BBSUSR.DAT

and check them for the presence of the names:
“Major.1644”: Puppet Image Gnat Minion Cindy F’nor
“Major.1691”: Puppet Image Gnat Santa Minion Cindy Herman

If any of these strings is found, the viruses alter the contents of the BBS files in some way.
The viruses also contain the text strings:
“Major.1644”: The Major BBS Virus created by Major tomTugger
“Major.1691”: The Major Virus created by Weed and dedicated
to the Quantum BBS in Calgary, AB

Majkl Famil

Monday, August 27th, 2007

Details
Majkl Family

These are harmless memory resident encrypted multipartite viruses. When an infected file is executed, the virus writes itself to the MBR of the hard drive, hooks INT 13h, 21h and then writes itself to the end of COM and EXE files that are executed or opened. When booting from an infected MBR, the virus hooks INT 8, 13h, waits for the DOS loading procedure, then hooks INT 21h and infects files.
The viruses use anti-debugger tricks based on the features of i386+ processors. The “Majkl.1438” virus contains the text string:
Majkl

Mai

Monday, August 27th, 2007

Details
Mail

This is a non-dangerous memory resident boot virus. It hooks INT 8, 9, 13h and writes itself into the MBR of the hard drive and floppy boot sectors. Depending on its internal counters it disables the keyboard, overwrites CMOS, and displays the picture:
+——————- Help for users E-Mail ———————-+
¦ Send/Receive Mail Manual page 137 ¦
+—————————————————————-+
¦ This command starts Commander Mail and sends any messages in ¦
¦ the OUT directory via MCI Mail. It also copies any new ¦
¦ messages from MCI Mail to the IN directory. ¦
¦ ¦
¦ Use the commander maiL command if you just want to browse ¦
¦ through messages in your IN directory, or if you want to ¦
¦ create new messages. ¦
¦ ¦
¦ Use the Send files item in the Files menu if you want to send ¦
¦ files to someone via MCI Mail. ¦
¦ ¦
¦ Note: This function is provided by the MCI.EXE and ¦
¦ MCIDRIVR.EXE programs, which must be in the same ¦
¦ directory as the Norton Commander (NC.EXE). ¦
+—————————————————————-+

Trojan-Spy.Win32.VB.i

Monday, August 27th, 2007

This Trojan logs the user’s keystrokes. It is a Windows PE EXE file. The file is 30,208 bytes in size. It is packed using AsPack. The unpacked file is approximately 70KB in size. This Trojan is written in Visual Basic.
Installation
In order to ensure that the Trojan is launched…

Trojan.Win32.Killav.bx

Monday, August 27th, 2007

This Trojan will disable antivirus protection. It is a Windows PE EXE file. It is 7 168 bytes in size.
Installation
When launched, the Trojan copies its executable file to the Windows root directory:
%WinDir%\MemChk.exe
In order to ensure that the Trojan is launched automatically when the system…

Magick.41

Monday, August 27th, 2007

Details
Magick.412

It is a very dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of EXE files while reading from them (DOS function Read, AH=3Fh). While infecting a file the virus uses undocumented System File Tables. The virus has bugs and may corrupt files while infecting them. The virus contains the text string:
Quantum Magick

Magdzie.111

Sunday, August 26th, 2007

Details
Magdzie.1114

This is a benign memory resident parasitic stealth virus. It hooks INT 21h and writes itself at the end of EXE files that are closed. When an infected file is executed or opened, the virus disinfects it. The virus deletes CHKLIST.* files. On May 27 it displays the message:
Magdzie T. - jutro Twoje urodziny!
Then it manifests itself by a video effect. It also contains the internal text strings:
PH
chklist?.*

Magdzie.105

Sunday, August 26th, 2007

Details
Magdzie.1056

This is a benign memory resident parasitic stealth virus. It hooks INT 21h and writes itself at the end of EXE files that are closed. When an infected file is executed or opened, the virus disinfects it. The virus deletes CHKLIST.* files. On May 27 it displays the message:
Magdzie T. - jutro Twoje urodziny!
Then it manifests itself by a video effect. It also contains the internal text strings:
PH
chklist?.*

Magda.51

Sunday, August 26th, 2007

Details
Magda.512

Magda.512 is a dangerous memory resident parasitic virus. It copies itself into the Interrupt Vectors Table, hooks INT 21h and writes itself at the end of EXE files that are executed or opened. On May 28th it deletes the files. Depending on the system time it displays the message:
I love Magda Trawinska!

Mag Famil

Sunday, August 26th, 2007

Details
Mag Family

These are harmless memory resident parasitic viruses. They copy themselves into the Interrupt Vectors Table, hook INT 21h and write themselves at the end of .COM files that are executed. They do not manifest themselves in any way.

MadWill.240

Sunday, August 26th, 2007

Details
MadWill.2400

MadWill.2400 is a non-dangerous memory resident parasitic stealth virus. It hooks INT 21h and writes itself at the end of COM and EXE files (except COMMAND.COM) that are accessed. When executed under a DOS version lower than 3.0 it displays the message:
This program requires MS-DOS version 3.30 or later.

It contains the internal text strings:
The Stainless Steel TechRat, Version 1.0, 2.03.94,
(C) 1993-94 by MadWill International, Moscow, Russia
WYSINWYG (What you see is NOT what you get)
Thanks to H. Harrison
COMMAND.COM .EXE
Story 1 : The Stainless Steel TechRat is Born

MadSatan Famil

Sunday, August 26th, 2007

Details
MadSatan Family

These are non-dangerous memory resident parasitic viruses. They hook INT 21h and write themselves at the end of COM or EXE files, or both COM and EXE files, depending on the virus version. Different virus versions infect files when they are opened, executed, or on the DOS calls FindFirst/Next. Some of these viruses also hook INT 08h; they manifest themselves through video and/or sound effects and display messages.
These viruses contain the strings:
“MadSatan.599”:
Cosmo Virus V1.0 (c) 1994 Written By [ Mad Satan ] in Taipei.TAIWAN.
MS

“MadSatan.639”:
Mad Satan[ This is StarFish ]
1993 Written by Mad Satan in TAIWAN.
[ STARFISH ] Satan

“MadSatan.1019”:
(c) Copyright 1994 Satan Virus
This is Satan Virus Ver 3.08
Written by Mad Satan in TAIWAN
Satan Ver 3.08 [Mad Satan]

“MadSatan.2060”:
How do you do >>
Today is My Birthday
OH! YES! Happy Birthday To Youp!
Satan

“MadSatan.2876”:
—————-
* Satan Virus * (c) Copyright 1994 Mad Satan International Corporation.
Written by Mad Satan in TAIWAN. Satan Ver 2.08 Mad Satan
—————-

“MadSatan.9849”:
Ruei-Chiang Virus by Mad Satan
—————-
1994 (C) Copyright Ruei-Chiang Virus
Written by Mad Satan in TAIWAN.
Carzy !!! Another Masterpiece of Satanall..
Don’t Worry I just a Virus.
Satan Ver 3.01
- Mad Satan —————–

“MadSatan.19033”:
* Satan virus * MAD !! Another Masterpiece of Satan………..
Satan virus Copyright (c) 1993 Ver 2.01 Written by * Mad Satan *
GOOD LUCK TO YOU - Mad Satan - - Mad Satan - - Mad Satan -

“MadSatan.King.1424”:
Virus King 1
“MadSatan.King.2175”:
Mad Satan King Kong Virus Satan Ver 3.00 - Mad Satan -

MadMax.50

Saturday, August 25th, 2007

Details
MadMax.507

It is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed. The virus contains the text string:
MadMax

