Details
ReplayII.666.a
It is not a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed. After starts from infected file the virus executes and infects the file:
c:\windows\command\keyb.com
On 14th day of each month the virus sends command to CD-ROM drive. The virus contains the text string:
[replay II]
Details
Renegade.1176
Renegade.1176
It is not a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself into the middle of EXE files that are executed, opened or closed. On 17th of any month it displays the message:
(C) Renegade 1994. Hello Hacker`s !!!
Renegade.4509
It is a very dangerous memory resident encrypted multipartite virus. It hooks INT 8, 13h, 21h and writes itself into the middle of COM and EXE files that are executed or opened. The virus does not infect the files:
WEB AIDS ADINF HIEW CHKDSK SCAN VSAFE MSAV CLEAN -V
The virus also infects the MBR of the hard drive.
The virus manifests itself in several ways. It corrupts the files, calls some video effects, displays the messages:
Say THANKS to lovely Dr.Web for damage this fileall
Please wait …Hey , LAMER ! Are you all right ?.. Not so good ?..Oh, don’t
be afraid my little baby ,angry wolf if far away !…… bUt I aM sTiLL
HeRe ! AnD i Am HuNGRrry ! Aaarrrgghhh !… YoU iS _fOxPro or
pAsCAL_pROGraMmeR , iSn’t It ?… Oogghh , YeEsss ! I WaNt to EaT YoU NoWww
! NoW YoU WiLL bEcOme ViCTiM of HACKER’s REVENGE !
The virus also contains the text:
(C) Renegade 1995.
Details
Renegade.1176
It is not a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself into the middle of EXE files that are executed, opened or closed. On 17th of each month it displays the message:
(C) Renegade 1994. Hello Hacker`s !!!
Details
Rencodes.4206
It is a dangerous memory resident encrypted companion virus. It hooks INT 21h and creates companion .COM files when DOS accesses to .EXE files. Depending on the system date and time it renames all files of current directory to FILEnnnn.nnn names, and creates the RENCODES.BRE file with the list of renamed files. The virus manifests itself with some video effect, and contains the text strings:
COMEXE
THIS IS THEVIRUS
File0000.000
\RENCODES.BRE
Details
Remut.1171
It is a harmless nonmemory resident parasitic polymorphic virus. It searches for COM files in the current directory, then writes itself to the end of the file. The virus does not manifest itself in any way. It contains the text strings:
CS
Recursived mutant by CyberShadowall
Details
Remember.818
This is a benign non memory-resident parasitic virus. It searches for COM files, then writes itself to the end of the file. On April 24, it displays the following messages (possibly in Japanese):
óz——————————ó{{
óx [ REMEMBER ] óx
óx óx
óx íx “+ ++ +++ Ñ-ñ +++ íx óx
óx óx
óx |+”u |+Pxí |+”u |”+|+ óx
óx óx
óx b +¿ |úxNÑI++ p óx
óx óx
óx -@ +”+ p” +¿ |o+ ¿+ |”+|+ óx
óx óx
óu——————————ót
óx- Written by Jean July. (C). -óx
ó|ówówówówówówówówówówówówówówówó}
Details
Remember.816
This is a benign non memory-resident parasitic virus. It searches for COM files, then writes itself to the end of the file. On April 24, it displays the following messages (possibly in Japanese):
óz——————————ó{{
óx [ REMEMBER ] óx
óx óx
óx íx “+ ++ +++ Ñ-ñ +++ íx óx
óx óx
óx |+”u |+Pxí |+”u |”+|+ óx
óx óx
óx b +¿ |úxNÑI++ p óx
óx óx
óx -@ +”+ p” +¿ |o+ ¿+ |”+|+ óx
óx óx
óu——————————ót
óx- Written by Jean July. (C). -óx
ó|ówówówówówówówówówówówówówówówó}
Details
Remember.1283
This is a benign non memory-resident parasitic virus. It searches for COM files, then writes itself to the end of the file. On April 24, it displays the following messages (possibly in Japanese):
óz——————————ó{{
óx [ Remember 4.0 ] óx
óx óx
óx íx “+ ++ +++ Ñ-ñ +++ íx óx
óx óx
óx |+”u |+Pxí |+”u |”+|+ óx
óx óx
óx b +¿ |úxNÑI++ p óx
óx óx
óx -@ +”+ p” +¿ |o+ ¿+ |”+|+ óx
óx óx
óu——————————ót
óx- Written by Jean at O.V.E.L -óx
ó|ówówówówówówówówówówówówówówówó}
<<< Welcome >>>
=================================
The OVEL bbs Tel is 02-927-7432
=================================
Details
ReedCat.920
It is a harmless nonmemory resident encrypted parasitic virus. It searches for COM and EXE files and writes itself to the end of the file. It contains a text string in Russian.
Details
RedLaugh.607
It is not a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and when any file is executed, the virus searches for .COM files in the current directory and writes itself to the end of the file. Before infecting a next file the virus turns the screen background to red color and displays the message in Russian and:
01/21/96 by FDD.
Details
RedHack.1405
It is a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the beginning of COM-files that are executed, opened, or accessed with FindFirst/Next ASCII DOS-functions. The virus scans the files that are executed for the string “Marek Sell”, and reboots the computer if that string is found.
While installing the virus also hooks INT 8 (timer) to prevent debugging, and in some cases reboots computer. The virus contains the text:
(c) Red Hacker, Zielona Góra
Details
RedCode.1513
It is not a dangerous memory resident encrypted parasitic stealth virus. It hooks INT 21h and writes itself to the end of COM files that are closed. On opening or debugging infected files the virus disinfects them. On January 1st the virus displays the messages, runs a video effect and halts the computer:
Viral RedCode Implant
Today’s contest between
Big Butt Gasso and Himmler Fewster
BIIIIIIG BUTT GASSSOOOOall WINSSSSS !!!
FEWSTER BANSSSSS GASSSSOOOOOOOO !!!
The virus also contains the text strings:
The RedCode virus by Wintermute/29A; yeah, not a kickass at all,
but with a funny payload, don’t you agree ?
Watch the payload !
Details
RedArc.327
These are dangerous nonmemory resident encrypted parasitic viruses. They search for COM files in the current directory, then write themselves to the end of the file. The viruses use such complex anti-debugging and anti-detection tricks that this may halt the computer, some of them also may corrupt the files while infecting them.
Depending on the system timer the “RedArc.623,665″ viruses manifest themselves by a video effect. The viruses contain the text strings:
“RedArc.390,415,600″: RedArc // [TAVC]
“RedArc.623″: -=* Red Arc *=-
“RedArc.1000″:
DemoFraud by RedArc // [TAVC]
SGWW, DVC, FotD, SOS group, TAVC, CiD
Details
Reboot.715
This is a dangerous nonmemory resident parasitic virus. It searches for .COM files of the subdirectory tree, then it writes itself to the end of the file and writes to the beginning of the file the Jmp-Virus commands (MOV AX,FFF0h; JMP Loc_Virus). Depending on the system time the virus reboots the computer.
Details
Rebel.1509
This is a dangerous memory resident parasitic virus. It hooks INT 21h, and writes itself to the end of EXE files that are executed or opened. It deletes the files CHKLIST.MS, CHKLIST.CPS, and SMARTCHK.CPS. On the 16th of April, it decrypts and displays the following message:
Happy Birthday KAORI!
Dedicato a tutte le meravigliose ragazze giapponesi
(C) BitLabs (The RebelBase) 1993, N. Italy.