Details
Nuker.Trance.1688
On the 1st day of the month if it is Monday that virus hooks INT 1Ch, and exchanges the symbols on the screen. Depending on its generation the virus may erase the disk sectors. The virus contains the text string:
Trance Virus (c) 1995 by The Nuker
Details
Nuker.Syndrome.1485
On 1st of any month it hooks INT 8,9, and slows down the computer (loop on each INT 8 call). When Alt-Ctrl-Del keys are pressed, the virus displays:
Your PC is working VERY SLOWLY todayall What about a good PENTIUM Processor ?
Before return to the host program the virus checks the system timer, and depending on its value displays the messages, waits for keystroke, compares that keystroke with random selected value, then the virus either returns to the host program, or erases the disk sectors:
+-?DANGER!+———————————————-+
? You are infected by ExCESS Virus (c) 1995 by The Nuker ?
?——————————————————–?
? I have destroyed your FATs but I have only ONE copy in ?
? my data area. IF YOU REBOOT NOW ALL DATA WILL BE LOST. ?
? If this isn`t enough, I have altered your Master Boot ?
? Record with a formatting routine in order to low-level ?
? format the primary Hard Disk when executed. If you are ?
? so dude and you don`t believe me, reboot now and look ?
? at your hard disk light spinning… If you don`t want ?
? to loose all your data then try to guess a number from ?
? 0 to 9 and pray for your answer to be correct, else… ?
+——————————————————–+
You have 3 tries to guess the correct number!!!
Enter the number:
You fucking SHIT!!! You guessed the right number!!!
You are safe this time but next will come very soon
and you will not be so lucky!!!
Sorry, you didn`t entered the correct number!
Retry, and hope you lucky!!!
Hum… you are lucky this time…
Please wait while reconstructing disk structure…
I WAS JOKING! Your Hard Disk has been fucked up!!!
Thank you for choosing another product of…
TTThTeT TNTuTkTeTrT
It also hooks INT 11h to check the already loaded TSR copy. On 1st of any month and depending on the system timer that virus erases all files in the current directory. The virus checks the file names, and does not infect the files with the names that begins with symbols:
VA TB F- AV SC CL -D -U MS MW NA
The virus contains the text strings:
[Syndrome virus (c) 1996 by The Nuker]
VATBF-AVSCCL-D-UMSMWNA
Details
Nuker.PortFuck
This program is an executed DoS (Denial of Service) attack (see about DoS-attack).
Details
Nuker.LorNuke
This program is an executed DoS (Denial of Service) attack (see about DoS-attack).
Details
Nuker.CGSi
This is a Win32 program that attacks remote Windows machines. It uses an error in the network support Windows library and uses it to crash the remote system by a specially prepared “Out Of Band” (MSG_OOB) packet that is sent to port 139.
To protect machine(s) against such an attack, you should install the latest Windows update (Service Pack).
Details
Nuker.BitchSlap
This is a Win32 program that attacks remote Windows machines. It uses an error in the network support Windows library and uses it to crash the remote system by a specially prepared “Out Of Buffer” (MSG_OOB) packet that is sent to port 139.
For more information see “DoS”.
Details
Nuker.a
On 1st of any month it hooks INT 8,9, and slows down the computer (loop on each INT 8 call). When Alt-Ctrl-Del keys are pressed, the virus displays:
Your PC is working VERY SLOWLY todayall What about a good PENTIUM Processor ?
Before return to the host program the virus checks the system timer, and depending on its value displays the messages, waits for keystroke, compares that keystroke with random selected value, then the virus either returns to the host program, or erases the disk sectors:
+-?DANGER!+———————————————-+
? You are infected by ExCESS Virus (c) 1995 by The Nuker ?
?——————————————————–?
? I have destroyed your FATs but I have only ONE copy in ?
? my data area. IF YOU REBOOT NOW ALL DATA WILL BE LOST. ?
? If this isn`t enough, I have altered your Master Boot ?
? Record with a formatting routine in order to low-level ?
? format the primary Hard Disk when executed. If you are ?
? so dude and you don`t believe me, reboot now and look ?
? at your hard disk light spinning… If you don`t want ?
? to loose all your data then try to guess a number from ?
? 0 to 9 and pray for your answer to be correct, else… ?
+——————————————————–+
You have 3 tries to guess the correct number!!!
Enter the number:
You fucking SHIT!!! You guessed the right number!!!
You are safe this time but next will come very soon
and you will not be so lucky!!!
Sorry, you didn`t entered the correct number!
Retry, and hope you lucky!!!
Hum… you are lucky this time…
Please wait while reconstructing disk structure…
I WAS JOKING! Your Hard Disk has been fucked up!!!
Thank you for choosing another product of…
TTThTeT TNTuTkTeTrT
Details
Nuke.Awake.600.a
These are non-memory resident encrypted parasitic viruses. They search for COM files, and write themselves to the end of the file. They contain the strings:
“Nuke.Awake”:
<< AWAKE! >> John Will Die Some Day! TheN HaTs Off to HiM-AWAKE!
WE ALL GET OLD AND DIE! DeathBoy will be the DEATH-of John someday!
He told me he is fooling him
NuKE/ARIS/VA/SUKZ/BaD/CoDE -COPY-WRITE 1994 MuTaTiON_INTERRUPT-
“Nuke.Jak.991″:
Jak? EMP
Pentiums Suck!
Enjoyment to those who ignore!
“Nuke.Sirius.402″:
<< Ebbelwoi >> by (-)S?R?US 10-93 D-63225
Nuke.1680
This is a dangerous non-memory resident parasitic virus. It searches for .COM files (except COMMAND.COM), and writes itself to the beginning of the file. Sometimes it erases the disk sectors. It contains the text strings:
*.COM COMMANDE
Virus Created by NuKE- GenVirus V1.51 Licence n? ?id# [NuKE]-93?
Nuke.Bob
This is a benign virus. It leaves a small TSR-program that displays:
Bob Ross lives!
Bob Ross is watching!
Maybe he lives hereall
What a happy little cloud!
Maybe he has a neighbour right here…
You can make up stories as you go along.Never Believe!
Nuke.Clock
In March, it formats disk sectors. On Mondays, it leaves a small TSR program that hooks INT 08h (timer) and sometimes summons INT 1Ah (system clock functions) with the random parameters.
Nuke.DC00L.1811
This virus leaves a memory resident program that hooks INT 08h and displays:
SHALOMKnock… Guess who’s There…
Fuck Asi Azulay and Lior Cohen …
It’s Dr. Unknown… 
Fuck Guy Assado for Distributing my Sources…
Use XOPEN, MAN!!! FUCK Stick-Buster!!!
ViSiON-X is Some C00L Program !!!
Call to Support board: +972-X-XXXXXX !!!
TNTVIRUS is SHIT!!! Cpav is SHIT!!! Use McAfee!
But… McAfee is SHIT too…
Borland is the BEST…
Too bad, you didn’t make Backup for your HD…
I Wonder, What INT 13h Does with AH=05…
Just kiddin’… Ya know?
GUY ASSADO IS MONGOL!!!
COOLNESS is FOREVER!!!
It also contains the string:
D-C00L-1 ViRUS
Nuke.Deadpool
Sometimes it displays:
Deadpool by Phalcon/Skism
Nuke.Elvis
Sometimes it hooks INT 8 (timer), stays memory resident and displays the messages:
ELVIS lives!
ELVIS is watching!
Don Maybe he lives here…
Is he really dead? Or Here?
Maybe he has a neighbour next door…
You can make up stories as you go along.
(C)1991 Elvis/VFriend, INC. All rights reserved.
Congratulations, you are now infected with the Elvis Virus.
Nuke.Howard.967
This is a benign non-memory resident parasitic virus. It searches for .COM files, and writes itself to the end of the file. It blinks with NumLock/CapsLock/ScrollLock indicators, and contains/displays the text strings:
I’m not working until Howard Stern is done @ 11:00 am !
Bow down before the King
Smile … [NuKE] loves you
I’m not working until Howard Stern is done @ 11:00 am !
1234567890!@#$%^&*()ascii
(c) Ba Ba Stupid…
Remember Studderin’ John Robin, I love You! Long Live [NuKE]
Georgia needs Howard Stern
Nuke.LoneWolf.867
Overwrites the files with the string:
[Lone Wolf] 1993 KillRaven – Independant
Nuke.Marauder.a and b
These are dangerous viruses. On February 2nd, they write the command INT 20h to files (return to DOS). They contain the text:
[Marauder] 1992 Hellraiser – Phalcon/Skism…
Nuke.Ministry
This is a benign virus. It leaves a small TSR-program that displays:
I Get a Flashback!
I’m Burning Inside!
Breathe You Fucker!
Jesus Built My Hotrod!
Everyday is Halloween!
The Ministry Virus – Written by NegativX – (c) 1991 -SiTT-
Nuke.Nuke5 and Nuke.Testing
These are harmless viruses. They hook INT 21h, and write themselves to the end of COM and EXE files that are executed. They contain the text strings:
“Nuke.Nuke5.478″: [PS/G?] NuKe [NukE5]
“Nuke.Testing.438″: [PS/G?] Testing [G2 A]
Nuke.Pox.630
This is a benign memory resident parasitic virus. It hooks INT 21h, and writes itself to the end of COM files that are executed. Depending on the system time it decrypts and displays the following messages:
It’s past 9pm. Get off the computer and go to bed!!!
And remeber this would not have been possible if there
weren’t any Youngsters Against McAfee
Admiral bailey [YAM]
Nuke.Pox.609,955,963
These are dangerous memory resident encrypted parasitic viruses. They hook INT 9 and 21h, and write themselves to the end of COM and EXE files (“Npox.609″ infects COM files only) that are executed. On the 24th of any month when the ‘S’ key is preseed, these viruses format the hard drive sectors. The viruses contain the text strings:
“Nuke.Pox.609″: Rock Steady/NuKE
“Nuke.Pox.955″: NukE PoX V1.1 – R.S
“Nuke.Pox.963.a”: Evil Genius V2.0 – R.S/NuKEC:\COMMAND.COM
“Nuke.Pox.963.?”: (c) 1992 by Igor Ratzkopf – All Rights Reserved July R
Nuke.Pox.1482,1686,1708,1722,1800,1844
These are memory resident parasitic stealth viruses. They hook INT 21h, and infect the COM and EXE files that are executed or closed. The EXE files may be infected in an incorrect way; they halt the computer being executed. When an infected file is opened, the viruses disinfect it. The viruses contain the text strings:
“Nuke.Pox.1686″: NuKE PoX V2.1 – Rock Steady
“Nuke.Pox.1800″: NuKE PoX V2.0 – Rock Steady
“Nuke.Pox.1844″: Death by Miscgenation DIE WHITE GOYIM DIE! ’94(c) IsRaEl
Details
Nueva.1942
It is a very dangerous nonmemory resident parasitic virus. It searches for EXE files, then writes itself to the end of the file. Depending on some conditions the virus erases CMOS and sectors on A: and B: drives. The virus contains the text strings:
*.?XE *.?OM *.*
(c) IMV
GALIZIA 99
IMV vK&S ’95
!!!!!!!1995:Una nueva era de terror informático. IMV lo promete.
Details
Nucleii.200
This is a very dangerous non-memory resident parasitic virus. It searches for all files in all directories, then overwrites the files. After infecting the 4th file, the virus erases sectors on the B: drive. The virus contains the following text string:
nUcLeii~.E=mc2
Details
Nucleii.1388
This is a benign non-memory resident encrypted parasitic virus. It searches for COM files, then writes itself to the end of the file. On the 30th of any month, the virus displays the following messages:
+————————- F-PROT anti-anti-virus program——————+
| Version 1.0 nUcLeii Software International |
+————————————————————————–+
Scan +——————————————+
| Too bad your now infected with the frisk |
| virus. Sorry.,.hehe., but thats the way |
Options | shit works. If you weren’t stealing soft |
| ware, or trying to get p0rn or something,|
| then this might not of happened. |
Infomation | Don’t buy products that harass their user|
| Stay away from things like McAfee, Norton|
| Invircible, err well,.hehe., seems like |
Quit | everyone is selling out these days.,,. |
| |
| Greetings to fridrik and frisk software. |
+——————————————+
+————————————————————————–+
|Information about antivirus scanners, and how most are just crap not worth|
|wasting your money on. Hope this is “nit-witty” enough for ya fridrik!!! |
+————————————————————————–+
The virus also contains the “copyright” text:
** frisk by nUcLeii 9/09/98
Details
NTZ Family
These are nonmemory resident encrypted parasitic viruses. They search for .COM files, then writes themselves to the end of the file.
“NTZ.397″ is a dangerous virus, it deletes the files with NTZ extension. That virus contains the text string:
*.NTZ *M.COM
Details
NTU Family
These are memory resident parasitic encrypted viruses. They hooks INT 21h and write themselves to the end of EXE files.
NTU.Amour.3312
It is a dangerous polymorphic stealth virus. It infects EXE files that are executed or opened. It contains the text strings:
L’AMOUR v1.1 by NTU BACTERIOPHAGE LAB S/N TM1-
following by the decimal number of its generation. In some cases it erases CMOS memory and hard drive sectors.
NTU.T4.2138
It is a harmless virus. It infects EXE files that are executed. It contains the text strings:
T4
Griffe
T4 virion —– by NTU BACTERIOPHAGE LAB
There Once Was A King, Who Called For The Spring
For His World Was Still Covered In Snow
But The Spring Had Not Been, For He Was Wicked And Mean all
Here I’m Sitting And It’s Getting Cold
The Morning Rains Against My Window Pane
While The World Looks So Cold And Grey
In My Mind I Dream Away
Then I’m On My Way To Tropic Islands
You’d Always Say I Was A Dreamer
You Were Right
What Do I Say When It’s All Over ?
And SORRY Seems To Be The Hardest Word …
Details
Ntit.1254
These are harmless nonmemory resident parasitic viruses. They search for .COM files and writes themselves to the beginning of the file. While infecting “Ntit.1578″ renames the file to XXXXXXXX.VIR, then infects it, and renames back to original name. These viruses contain the text strings:
NTIT-4IM2
*.COM
and “Ntit.1578″:
xxxxxxxx.vir
A-T-T-E-N-T-I-O-N: VIRUS FOR RESEARCH ONLY ! (C)1994 By Lin
Tzuoh-yi,National Taiwan Inst. of Tech.,Dept. of Information
Management,e-mail:b8109006@cs.ntit.edu.tw
Details
NSD.266
It is a dangerous nonmemory resident parasitic virus. It searches for .COM and C:\COMMAND.COM files, then writes itself to the end of the file. Depending on the system timer it sets the graphic video mode (INT 10h, AX=0013h), displays the message and halts PC:
SYSTEM ERROR: DMA DENIED.
The virus also contains the text string:
c:\command.com
*.com
NSD