Prevent Online Threats

Archive for November, 2007

Pifpaf.760

Wednesday, November 28th, 2007

Details
Pifpaf.760

It is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. It contains the text:
PIF-PAF B v1.0
Nincs kegyelem !

Pieck.2016

Wednesday, November 28th, 2007

Details
Pieck.2016

It is not a dangerous memory resident multipartite virus. On execution it checks the DOS version, then infects the MBR and installs itself into memory under DOS 5.x and 6.x only. It hooks INT 12h, 13h, 1Ch, 21h and writes itself to the end of EXE files that are executed or opened.
On March 3rd it displays the message “Podaj haslo ?”, waits for the entry “pieck”, and displays “Pozdrowienia dla wychowankow Pieck’a.” if “pieck” is entered; otherwise it displays “Blad !”.

Pieces.1374

Wednesday, November 28th, 2007

Details
Pieces.1374

This is not a dangerous memory resident parasitic virus. It hooks INT 9, 13h, 21h and writes itself to the end of EXE files that are executed or opened. Depending on the number of keys that were pressed, the virus displays the message:
One of these days I’m going to cut you into little pieces

Backdoor.Perl.AEI.20

Wednesday, November 28th, 2007

This Trojan program is designed to provide remote management of systems running UNIX-type operating systems. It is a Perl script. It is approximately 14 KB in size.

Backdoor.Perl.AEI.16

Wednesday, November 28th, 2007

This Trojan program is designed to provide remote management of systems running UNIX-type operating systems. It is a Perl script. It is approximately 12 KB in size.

DoS.Win32.VB.aa

Wednesday, November 28th, 2007

This malicious program is designed to conduct Denial of Service attacks on a remote server. It is a Windows PE EXE file. It is 14336 bytes in size. It is written in Visual Basic.

Trojan.BAT.DelSys.g

Wednesday, November 28th, 2007

This Trojan has a malicious payload. This Trojan is a BAT file. It is 497 bytes in size.
Installation
Once launched, the Trojan copies its body to c:\me9yrs.bat.
It also creates the following directories:
%Work%\URFUCT
%Work%\DIE
%Work%\PERVERT
%Work%\YOU\FUCKIN\PERVERTS\WILL\ROT_IN\HELL

Picket Family

Wednesday, November 28th, 2007

Details
Picket Family

These are very dangerous memory resident encrypted parasitic viruses. They hook INT 21h (“Picket.1034” also hooks INT 1Ch) and write themselves to the end or to the middle of COM files.
When inserting themselves into the middle of a file, they search for a data area filled with a constant byte, store that byte, and overwrite the area with the virus copy. That routine contains several errors: the file size can grow beyond 64K during infection, and the file is left corrupted.
These viruses contain text strings in Russian.

Piazzolla.874

Wednesday, November 28th, 2007

Details
Piazzolla.874

It is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the beginning of .COM files (except COMMAND.COM) that are executed. While infecting, it creates the file PIAZZOLL.$$$ and writes its own body into this file, followed by the body of the host file. It then deletes the original COM file, copies PIAZZOLL.$$$ into that file, and deletes PIAZZOLL.$$$. The virus contains the text strings:
Piazzolla
COMMANDCOM
Piazzoll.$$$

Piaf.1859

Wednesday, November 28th, 2007

Details
Piaf.1859

It is not a dangerous memory resident parasitic encrypted virus. It hooks INT 21h and infects COM and EXE files that are executed, opened or renamed. It writes itself to the beginning of COM files and to the end of EXE files. It does not infect files whose names begin with two symbols that are present in the string:
NDIOOSUVRAIVFP

That is, the virus does not infect the files ND*.*, IO*.*, etc.
If the virus cannot install its TSR copy, it displays the message “Incorrect DOS version” and returns to DOS. While installing, it traces INT 13h and 21h and searches for specific code in the DOS code area; that information is used while infecting a file to disable antiviral monitors.
Some infected files display the following when they are executed:
Copyright (c) 1991-1992 by Xxxxx III!

This virus also contains the text strings:
PIAF
EXECOM

PI.2048

Tuesday, November 27th, 2007

Details
PI.2048

It is a very dangerous memory resident parasitic virus. It hooks INT 8, 13h, 21h, 24h and writes itself to the end of EXE files that are executed or opened. If the day number is equal to the month number, and the minutes are equal to the hour, the virus formats the disk sectors. The virus contains the text strings:
PI v2.0 (C) 1995 BREAM.
Pretorianie niszcza aby tworzycall
Pozdrowienia dla p. Marka Sella skladaja pracodawcy.

Phx Family

Tuesday, November 27th, 2007

Details
Phx Family

These are very dangerous memory resident parasitic viruses. They hook INT 21h and write themselves to the end of COM and EXE files. Several of the viruses contain the text “PHX”.
“Phx.823” and “Phx.1015” hook the INT 21h function Open (AX=3D02h) and check the code of the program that performs that call. The viruses compare that code with a list of specified masks, and if the code is in the list, “Phx.823” resets the computer and “Phx.1015” corrupts the data while writing to the files.
“Phx.965”, “Phx.1289” and “Phx.1336” in some cases change one byte of information while writing to a disk file.

Phrase.1568

Tuesday, November 27th, 2007

Details
Phrase.1568

This is a relatively harmless non-memory resident parasitic encrypted virus. It searches for .COM files, then writes itself to the end of the file. On Tuesdays, the virus plays a tune.

PHP.Virdrus

Tuesday, November 27th, 2007

Details
PHP.Virdrus

This is one of the few currently known viruses which infect PHP (Hypertext Preprocessor scripting language) script programs.
The virus only operates on systems that have a PHP interpreter installed.
When launched, the virus searches the current directory for PHP files and infects them by writing itself to the beginning of each file.
Before infecting a file, the virus searches it for the text string “VirusQuest”. If it finds this string, it will not re-infect the file.
The virus contains the following text strings:
Virus: VirusQuest
Written by Dr Virus Quest
Created on 08/09/2003

PHP.Pirus

Tuesday, November 27th, 2007

Details
PHP.Pirus

This is the first known virus infecting PHP script programs (Hypertext Preprocessor scripting language, see http://www.php.net for more details). It was discovered in October 2000.
When the virus is activated, it looks for all .PHP and .HTM files in the current directory and infects them. The infection is done in quite a silly way. The virus does not write its complete code to the file, but just a reference to the virus file: the virus adds one command to the end of the file, an “include virus file” command that refers to the virus code.
When an affected file is opened, the PHP scripting engine processes that “include” command as well, reads the complete virus code from the virus file and activates it.
As a result, the virus copy is present on the computer in just one instance. All infected files just refer to that copy. Because of this method of infection, the virus cannot spread from one computer to other computers, and is able to operate inside one computer only.
The virus contains the text “pirus.php”.

