Details
NRead.1467

This is a very dangerous memory resident parasitic virus. It hooks INT 8, 9, 13h, 21h, and 28h. The INT 21h hooking is used for file infection - the virus writes itself to the end of .COM files that are executed or opened. INT 2Fh hooking is used for a “Are you here?” call when the virus is installing itself memory resident. Other hooks summon a trigger routine that in February displays a message and deletes all files on the current disk. The message appears as follows:
Network Read CRC Error
Re-reading Packet

Details
Nr.300

It is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of .COM files that are executed. The beginning of infected files contain the text strings “Nr”. Sometimes this virus overwrites CMOS memory.

Details
NoWin.2576

It is not a dangerous memory resident parasitic encrypted virus. It hooks INT 9, 21h and writes itself to the beginning of COM and to the end of EXE files that are executed or closed. When an infected file is opened, the virus disinfects it. While executing WIN.* file the virus reboots the computer. In some cases the virus beeps by PC speaker. The virus contains the text strings:
Copyright (c) 1993-94 XY, Zielona G¢ra.
R_H
|PL|

Details
Nowi.1327

It is a dangerous nonmemory resident parasitic virus. It searches for COM files and writes itself to the end of the file. In some cases the virus corrupts the files while infecting them. The virus decrypts and displays the messages:
Out of enviroment space.
Not enough memory.
Analyzing configuration. Please waitall
Hej Sell! Czy to bylo tego warte? (c) by Nowicjusz

Details
Novosibirsk.1000

It is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed or accessed. When any infected program is executed the virus also searches for first EXE file in current directory and infects it.
The virus uses not accurate way to install itself into the system memory. As a result it can halt the system. The virus cancels access to hidden disk files by DOS Find calls, as a result the hidden files on computer stays “invisible” for DOS file managers and “DIR /AH” command. The virus contains the text strings:
WRA
NOEMS
Novosibirsk

Details
November17.522

These are dangerous memory resident parasitic viruses. They hook INT 21h and write themselves to the end of COM and EXE files that are executed, “November17.584″ infects COM files only. They use the address of INT 83h as the virus ID-word. Depending on the current time these viruses erase CMOS or disk sectors. “November17.584″ hooks INT 8, 9 and manifests itself with a sound effect.
Some versions of these viruses contain the string “SCAN.CLEAN.COM.EXE” and do not infect the SCAN.EXE and CLEAN.EXE files.

Details
Nova.a

It is a harmless memory resident boot virus. It hooks INT 13h, 1Ch and writes itself into MBR of the hard drive and boot sectors of the 1.2Mb floppy disks. The virus does not change the size of the system memory (the word at the address 0000:0413). On installation the virus decreases that number, waits for DOS loading (by hooking INT 1Ch), and then increases the size of the system memory.

Details
Nov7.482

It is a very dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed. On November, 7th it displays:
Format all

and erases the hard drive sectors.

Details
NotStoned.1349

It is not a dangerous memory resident parasitic virus. The virus hooks INT 8, 28h, and in random time intervals searches for COM-files and writes itself to the file end. To prevent system hang-up the virus also hooks INT 9, 10h, 13h and checks DOS system data before executing infection routine.
If the system date is December 6, 1994 the virus decrypts and displays the message:
Don’t legalize Marijuana. Your computer is not stoned.

Details
Nothing

This is a dangerous memory resident parasitic virus. It copies itself to the system memory at the address 9800:xxxx and does not fix MCB list, that may halt PC. Then it hooks INT 21h and writes itself to the end of .COM files that are opened.

Details
Not.574

These are harmless memory resident parasitic viruses. They hook INT 21h and write themselves to the end of COM files that are executed. The viruses do not manifest themselves in any way.

Details
not-virus:Joke.Win32.JepRuss
Jep/Russ is a joke program - it is not a virus or a Trojan program. It displays too scaring messages that can really frighten users. When this program launches it displays a standard message window with the text:
Please Wait. Initialisingall

In a moment it displays a dialog box with the following text:
Confirm Folder Delete
Are you sure you want to delete the folder [Windows] and all its contents ?
[Yes] [No]

The ‘[Windows]‘ reference designates the directory where Windows is installed. Regardless of a user’s reaction, including sitting motionless afraid to touch any key, the program then displays the standard Explorer and ‘File Deleting’ windows and proceeds to emulate the file and folder deletion process. When the fake display indicates ‘no files remaining’, ‘Jeb/Russ’ displays the standard Windows shut-down menu with disabled (gray) [No] button and the following text:
Shut Down Windows
Windows has detected there is no system software on your computer

(*) Shut down the computer?
( ) Restart the computer?
( ) Close all programs and log on as a different user?

[Yes] [No] [Cancel]

The below message is then displayed:
Thank god this is only a game…

Note: The detection process for this joke program has been added to AVP database.

Details
not-virus:Joke.Win32.FakeFormat.a

Fake Format simulates the Windows format functionality.
Once the program is run, no matter which buttons are chosen, Fake Format starts to format the drive. The user is unable to stop, interrupt, or cancel this format. Once the fake formatting has been completed, the standard Windows format summary appears. Once the user has closed this summary screen, the button actually closes the program.

Details
not-virus:Joke.Win32.Errore

This “bad joke” simulates the Windows format functionality.
When it is executed, it displays several fake “error messages” such as:
Errore interno di Windows 345 all’indirizzo 4E6F:942A
Errore interno di Windows 591 all’indirizzo 93C0:6210
Errore interno di Windows 712 all’indirizzo 7ED5:89C2
Errore interno di Windows 128 all’indirizzo 6542:EF21
Errore interno di Windows 591 all’indirizzo 63F0:81B2
ERRORE FATALE 14
Then it displays a dialogue box asking about formatting the C: drive:
Sei veramente sicuro di voler formattare l’hard disk?
[Yes] [No] [Cancel]
Independent of the button being pressed, the program simulates a drive formatting window. The user is unable to stop, interrupt, or cancel this “format.” Once the fake formatting has been completed, the standard Windows format summary appears. Then the program displays garbage data on the screen, some more messages, and finally exits.

Details
not-virus:Joke.JS.Spawn.b

Spawn is a “joke”. Once launching the Java-script contained within the infected document’s html a user’s Internet Explorer browser window begins to move around. Besides this several more IE windows open in the background.