Details
VFSI
It is not a dangerous nonmemory resident parasitic virus. It searches for .COM files, then writes itself to the end of the file. Depending on the current time the virus decrypts and display the message:
HELLO!!! HAPPY DAY and success from virus 1.1 VFSI-Svistov
Details
Vesna.1614.a
This is a benign non-memory resident parasitic virus. It searches for *.COM, *.EXE, CH*.* and *.??? files, then writes itself to the end of the file.
This virus checks the file name, and does not infect the files with the names from the string (two bytes per name - VS*.*, DR*.*, and so on):
drwetbmsmvavaiscadutanatsdncvcdnwiioibvi
This is the encrypted virus. It displays the messages:
éÑß?á “_¿_+á!
Unpress key TURBO to continueall
Format drive c: completed
PRESS RESET TO CONTINUE
Å”_á “¿__ -”_Ñ!
çñÑß_ í_+ êú”__ ä.
æ+___, __… _Tóá-… “Ñ_Ññá_ “_¿óÑ_ éÑñÑ?ÑÑó”_ ï”_¿ßÑ!
VESNA (c) 1994,96 -=* Uni Tula *=-
Details
Vesna.1606
Vesna.1606 is an encoded, non-resident virus, which searches for .com, .— and .exe files, and writes itself to the end of these files.
It does not infect files named “drwetbmsmvavaiscadutanatsdncvcdnwiioibvi”
The virus contains the following lines of text:
÷ÅÓÎÁ ÐÒÉÛÌÁ!
Unpress key TURBO to continueall
Format drive c: completed
PRESS RESET TO CONTINUE
ðÏÒÁ ÐÉÔØ ËÏÆÅ!
úÄÅÓØ ÂÙÌ éÇÏÒØ ä.
VESNA (c) 1994,96 -=* Uni Tula *=-
It will intermittently display one of the lines of text above, causing the system to freeze.
Details
Vesna Family
These are benign non-memory resident parasitic viruses. They search for *.COM, *.EXE, CH*.* and *.°°° files, then write themselves to the end of the file.
Vesna.1000
These viruses infect only .COM files. “Vesna.1000.a” runs itself with a video “noise.” On Friday the 13th, it displays:
Friday 13th ?
Friday 13th all
Friday 13th !
Good bye !
“Vesna.1000.b” on the 22nd of June, this virus searches for EXE files and corrupts them.
These virus contains the text strings:
“Vesna.1000.a”: AIDS
My name is GARRY
“Vesna.1000.b”: *TULA*
*KILLER*
Vesna.1614 and 1700
These viruses check the file name, and do not infect the files with the names from the string (two bytes per name - VS*.*, DR*.*, and so on): “Vesna.1614″: drwetbmsmvavaiscadutanatsdncvcdnwiioibvi “Vesna.1700″: vsdrmswechaiioadscibutvranclavdowiatsdwsidvi “Vesna.1614″ is the encrypted virus. It displays the messages:
éÑß¡á “_¿_½á!
Unpress key TURBO to continue…
Format drive c: completed
PRESS RESET TO CONTINUE
Å”_á “¿__ ¬”_Ñ!
çñÑß_ í_½ êú”__ ä.
æ½___, __… _¶óᬅ “Ñ_Ññá_ “_¿óÑ_ éÑñÑ¡ÑÑó”_ ï”_¿ßÑ!
VESNA (c) 1994,96 -=* Uni Tula *=-
In March, “Vesna.1700″ displays a message, waits for a keystroke, and then reboots the computer:
Bad command or file name
DOS not support!
You have virus!
Press any key to reboot…
This virus also contains encrypted text strings:
*.exe *.com
ch*.* *.°°°
TULA
c:\command.com
Vesna.1833
On the 28th of November, this virus displays:
TYPE “HAPPY BIRTHDAY GARRY” !
On Friday the 13th, it displays the following messages:
Friday 13th !
You have virus !
My name is GARRY …
I fuck your PC !
Details
Veselie.486
This is not a dangerous nonmemory resident parasitic viruses. It search for .COM files, then writes itself to the beginning of the file. The virus displays the message:
Veselie-Virus , Copyright(C) 1994 by SS. SRL!
ATRIA cere un
Details
Verwolf Family
These are not dangerous(?) nonmemory resident parasitic polymorphic viruses. They search for EXE files and write themselves into the middle or to the end of the file. While infecting a file they trace and hook INT 13h and install themselves as device driver (I see not for what reason). Sometimes they leave the memory resident program that hooks INT 21h and triggers while opening some files. The viruses contain the text strings:
“Verwolf.3308″: My name is VERWOLF !
“Verwolf.3502″: My name is VERWOLF1 !
Details
Version.705
It is a very dangerous memory resident parasitic virus. It hooks INT 21h and infects .COM files that are executed. While installing into the system memory this virus uses an incorrect algorithm and can crash the system. This virus contains the text string:
Version Virus .. January 1992
Details
Veronika.1549
It is a dangerous memory resident parasitic encrypted virus. It traces and hooks INT 21h, then it writes itself to the end of COM and EXE files that are accessed. On INT 21h call SelectDisk (AH=0Eh) the virus increases the internal counter, on 80th selection of the floppy disk the virus overwrites the boot sector of that floppy with a trojan program that displays while loading: “VERONIKA”. The virus also contains the text strings:
Veronika
Veronika P.
Details
Verify
It’s a dangerous boot virus. It hooks INT 13h and writes itself into MBR of hard drive and floppy boot sectors. On 25th of each month it substitutes write command (INT 13h, AH=3) to the verify one (INT 13h, AH=4) . It causes damage to files and disk system areas.
Details
Vengence family
These are nonmemory resident parasitic viruses. They search for “*.C*” files and infect them.
Vengence.252,390,435
These are very dangerous viruses. While infecting a file they overwrite the file. They contain the text strings:
“Vengence.252″:
*.C* Vengence-B virus. Lastest release from Swedish Virus Association.
Released 8:th of May 1992. Satan will come and rule his world and his
people!
“Vengence.390″:
*.C* Vengence-C virus. Lastest release from Swedish Virus Association.
Released 8:th of May 1992. Satan will come and rule his world and his
people!
“Vengence.435″ displays:
Vengence-D virus. Lastest release from Swedish
Virus Association. Released 12:th of May 1992.
Satan will come and rule his world and his people!
Vengence.613,639,656,657
These are not dangerous parasitic viruses. They write their bodies to the beginning of the file. They display:
“Vengence.613,639″: Vengence-E virus. Debugging session unlimited.
“Vengence.656,657″: Vengence-F virus. Debugging session unlimited.
Vengence.723
It is a very dangerous virus. It searches for .COM files and writes itself to the end of the file. It erases the disk sectors and displays:
*** Vengeance is ours! ***
SKISM/Phalcon ‘92
Details
Vendetta
It’s a not dangerous memory resident boot virus. It hooks INT 9, 13h and writes itself into MBR of hard drive and boot sectors of floppy disks. It contains a bug and works on PC-XT only. Depending on its internal counter is corrupts keyboard queue. It contains the internal text string:
VENDETTA
Details
Velocet.2000
This is a very dangerous memory resident encrypted parasitic virus. It hooks INT 21h, and infects .EXE files that are executed. While infecting files, the virus encrypts its code and writes itself to the end of the file as overlay data - the virus does not modify the Module Length fields in the EXE header, and, as a result, the main virus code is placed out of actual EXE image. To gain control, the virus writes a 68-byte program to the middle of the EXE file, and sets the EXE Entry Point address to that program. When an infected file is executed, this program takes control, reads the virus code from the host file and executes it.
Starting from generation 8, 256 successfully infected files or on January 19th, the virus erases FAT on the hard drive, decrypts and displays the following message:
Velocet. By Dogorall
Details
Vector.441
It is a dangerous memory resident parasitic virus. It copies itself into the Interrupt Vector Table, hooks INT 21h and writes itself to the end of COM files that are executed or opened. It also intercepts the DOS Write function (INT 21h, AH=40h) and sometimes changes the pointer to the data block that is saved, that can cause crash for the data, as well as to the programs and the system. This virus contains the text string:
V3.0 [VECTOR] (c) Necros the Hacker
Written Aug 1991 in Tralee, Ireland
Details
Vecna
It is a very dangerous memory resident multipartite stealth virus. It writes itself to the MBR of the hard drive, to boot sectors of floppy disks and overwrites EXE files on floppy disks. While executing an infected EXE file the virus infects the MBR, decrypts and displays the message and then returns to DOS. The message is:
Out of memory.
While loading from infected disk (HD or floppy) the virus hooks INT 13h, stays memory resident and infects disks and files.
Under debugger and on Pentium computers the virus displays the message:
Vecna Live all
The virus has quite a serious bug - it may continue INT 13h flow with wrong AX register. That may cause damage for disks, including disk formatting.
Vecna.313
It is not a dangerous memory resident stealth multipartite virus. It hooks INT 21h and writes itself to the end of COM files that are executed. The virus writes itself to the MBR sector when an infected COM file is started, it then returns control back to the host file. On loading from the MBR sector the virus hooks INT 13h that then hides virus code in the MBR sector and hooks INT 21h.
Vecna.Outsider
It is a very dangerous memory resident encrypted multipartite virus. It infects .EXE files and boot sector on floppy disks. EXE files get infection in “DirII” virus way. The virus hooks INT 13h, 28h.
In three month after infecting the computer, or under debugger the virus corrupts the CMOS (writes a password?) and displays the message:
[OUTSIDER]
Esta ? minha vingan?a contra esta sociedade injusta
E eu ainda n|o estou satisfeito
Espere e ver|o…
The virus also contains the text strings:
Written by Vecna/SGWW in Brazil 1997
Vecna.Tron
It is a harmless memory resident boot virus. It hooks INT 1, 8, 13h and writes itself to the MBR of the hard drive and boot sectors of floppy disks. The virus contains the text:
[ORGASMATRON] by Vecna/SGWW in Brazil 1997
To hook INT 13h the virus uses i386 debug registers DR0, DR6 and DR7. By using these registers it sets break point on BIOS INT 13h handler. When this handler takes control the processor generates INT 1, and control is passed to virus INT 1 handler. The virus disables debug break point, checks registers and calls its infection and stealth routines in case of need and then returns to original BIOS INT 13h handler. To reset break point and to keep INT 1 hook the virus uses INT 8 hook (timer).
Details
Vdv.388
This is a non-memory resident very dangerous encrypted virus. It searches for .COM files of the current drive, and writes itself to the end of the file. From December 24th until the 26th, it displays the following message, and overwrites the files with the same message:
___
_____
_______ Fröhliche Weihnachten wünscht
_______
___________ der Verband Deutscher Virenliebhaber
_
Ach ja, und dann wünschen wir auch noch viel Spaß
beim Suchen nach den Daten von der Festplatte!
gez. VDV, Dezember 1990.