Details
Sepultura.242
It is a harmless memory resident parasitic virus. It copies itself to the Interrupt Vectors Table, hooks INT 21h and writes itself to the end of COM files that are executed. It contains the text string:
[242] Sepultura
Details
Sepultura.206
It is a harmless memory resident stealth boot virus. It hooks INT 13h and infects boot sectors of floppy disks and the MBR of the hard drive. The virus does not manifest itself in any way. It contains text-like string:
[2?ü]SÉpùL ürÆ
Details
Sentinel Family
These are harmless(?) memory resident parasitic viruses. They hook INT 21h and write themselves to the end of COM, EXE and OVL files that are executed, opened or renamed. These infectors were written in Pascal language. They contain the encrypted text:
You won’t hear me, but you’ll feel meall (c) 1990 by Sentinel. With thanks
to Borland
Details
Seneca.392
It is a very dangerous nonmemory resident parasitic virus. Being executed it searches for .EXE files and overwrites them. On November, 25th it displays:
HEY EVERYONE!!!
Its Seneca’s B-Day! Let’s Party!
and erases the sectors of the current drive. Sometimes it also displays:
You shouldn’t use your computer so much,
its bad for you and your computer.
and erases the sectors.
Details
Senda.4162
It is a dangerous memory resident encrypted multipartite virus. It writes itself to the end of .COM files and infects the MBR of the hard drive and boot sector of floppy disks. To intercept system events the virus hooks INT 13h, 21h. The virus has a bug and infect Windows’ COMMAND.COM. As a result the virus corrupts the COMMAND.COM and the system halts. The virus contains the text:
- Senda, dedicated to my love PL -
Details
Semtex Family
These are memory resident not dangerous viruses. They hook INT 8, 21h and write themselves to the end of .COM files that are opened or executed. Sometimes they fill the screen with random data. They contain the texts:
“Semtex.515,619,1000.a”:
S E M T E X by Dusan Toman, CZECHOSLOVAKIA (7)213-040 or (804)212-23
“Semtex.686″:
!!! explosive !!! S E M T E X !!! explosive !!!
Written by Dusan Toman, CZECHOSLOVAKIA Pyrotechnician Lilo Hedera
(7)213-040 or (804)212-23
“Semtex.1000.b”:
S E M T E X by Dusan Toman, CZECHOSLOVAKIA *** Have a nice day ***
Details
Selectron Family
These are not dangerous memory resident parasitic viruses. They hooks INT 21h and writes themselves to the end of COM (”Selectron.1800″) or EXE files that are executed or opened. They contain the text strings:
“Selectron.1112″: (C) Selectronics Software
“Selectron.1258″: Digouter”01/15/88″
(C) Selectronics Software
“Selectron.1800″: (C) Selectronics Software
Virus has been disabled.
Countdown to Extinctionall
“Selectron.1112″ also hooks INT 8, 9. On Sunday when Alt-Ctrl-Del keys are pressed, it manifests itself with the video and sound effects.
“Selectron.1258″ hooks INT 9, 10h, 1Ch. Under debugger is beeps with PC speaker and reboots the computer. When Alt-Ctrl-Del keys are pressed, it slowly turns the screen off by using VGA card features.
“Selectron.1800″ is the encrypted virus. On Friday, 13th or depending on the host file name the virus displays:
Countdown to Extinction…
and manifests itself with the sound and video effects.
Details
Segal.552
It is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of EXE files that are executed. The virus does not manifest itself in any way. It contains the text:
-SEGAL(c)MM
Details
SeeYou family
These are very dangerous memory resident partly encrypted boot viruses, stealth. They infect the boot sector of C: drive as well as boot sector of floppy disks. While loading from infected disk they reserve a block of memory by decreasing the size of DOS memory (the word at the address 0000:0413), copy themselves to that block, hook INT 13h, wait for DOS loading process, hook INT 21h and on first execution of DOS program (usually - COMMAND.COM) they allocate a block of DOS memory, copy themselves to there and restore the original size of DOS memory. As a result they hide themselves between DOS kernel and resident copy of COMMAND.COM.
Depending on the system date they erase disk sectors and displays one of the messages:
See you later all
Happy birthday, Populizer !
Details
Seeg family
These are dangerous nonmemory resident polymorphic parasitic viruses. They searche for COM files, then write themselves to the end of the file. The virus polymorphic engine has bugs, and as a result in some cases the viruses corrupt files while infecting them. Depending on the system timer the virus displays the messages:
“Seeg.1422″: -= [SEEG] Serg_Enigma EncryptioN GeneratoR v0.01 =-
“Seeg.1698″: -= [SEEG] Serg_Enigma EncryptioN GeneratoR v1.0b =-
“Seeg.1870″:
+———————————-+
| Serg Enigma present: |
| New MUTANT-VIRUS with [SEEG] |
| Serg_EnigmA EncriptioN GeneratoR |
| Version 1.0 beta 25.10.96 |
+———————————-+
This Trojan is a Windows PE EXE file. It is approximately 27KB in size.
Installation
Once launched, the Trojan copies its executable file to the Windows system directory:
%System%\NTdhcp.exe
In order to ensure that the Trojan is launched automatically each time the system is booted, the Trojan…
This Trojan downloads another malicious program via the Internet and launches it on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is 1365 bytes in size. It is packed using FSG. The unpacked file is approximately 27KB in size.
This Trojan downloads another malicious program via the Internet and launches it on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is 4096 bytes in size.
This Trojan opens web sites without the knowledge or consent of the user. It is a Windows PE EXE file. It is 3072 bytes in size. It is written in C++.
This Trojan opens web sites without the knowledge or consent of the user. It is a Windows PE EXE file. It is 3584 bytes in size. It is written in C++.
Installation
When launching, the Trojan causes the following message to be displayed:
It then copies its executable file as follows:
C:…