Details
Crasher.439
This is a harmless memory resident parasitic virus. It does not manifest itself in any way. It hooks INT 21h and writes itself to the beginning of COM files that are executed. The virus contains the string:
(C) CRASHER X
Details
Crash.600
This is a not memory resident benign virus which searches for COM files and infects them by a standard manner. Sometimes types the random signs on the screen.
Details
Crash.543
This is a not memory resident benign virus which searches for COM files and infects them by a standard manner. On Friday, 13th it types:
That could be a crash, crash, crash !
Details
Cracky.596
This is a memory resident parasitic virus. It writes the TSR part into the DOS data area, hooks INT 21h and infects by a standard manner the COM files upon their execution. It contains the mask string “*.com”. On April, 1st it erases the disk C: FAT sectors, it also contains the text “Milena”.
Details
Cracky.546.a
This is a memory resident parasitic virus. It writes the TSR part into the DOS data area, hooks INT 21h and infects by a standard manner the COM files upon their execution. It contains the mask string “*.com”. It sometimes types “Cracky !”.
Details
CPXK Family
These are harmless not memory resident parasitic viruses. They search for .COM-files and write themselves to their ends. They contain the internal text strings:
CPXK
*.COM
Details
Cpw.1459 / Cpw.1527
This is a dangerous memory resident virus. It hooks INT 16h and 21h, and infects COM- and EXE-files by a standard manner upon accessing to them. On May 27th, it types: “Feliz cumpleaños CPW!” and hangs up the computer. It also changes the key scancodes and contains the following text strings:
Este programa fue hecho en Chile en 1992 por CPW.
C:\COMMAND.COM
You are here CPW!
It contains the encrypted file names list:
îÄCNCGUARDEMSCPAVSCANCLEANFINDVIRUCHKVIRUS
and does not infect the files from this list. This infector can also delete these files.
Cpw.1527
This is a memory resident dangerous parasitic encrypted virus. It hooks INT 21h, and writes itself to the end of COM- and EXE-files. On September 11th, December 28th, and May 27th it deletes the files. It contains the internal text strings:
CPW fue hecho en Chile en 1992, VIVA CHILE MIERDA!
C:\COMMAND.COM
It contains the following list of file names which are deleted:
GUARD guard CPAV SCAN CHKVIRUS CLEAN TOOLKIT VSAFE CHKLIST.CPS
Details
CPSU.2535
It’s a memory resident not dangerous virus. It hooks INT 21h and infects by a standard manner COM- and EXE-files. It displays the old soviet communist slogan.
Details
Cowboy.2483
It is a very dangerous nonmemory resident parasitic virus. It searches for COM and EXE files, then writes itself to the end of the file. The virus does not infect the anti-virus programs and utilities: IBM*.*, NAV*.*, SCAN*.*, CLEAN*.*, F-PROT*.*, V*.*, FINDVIRU.*.
In February, on Thursday at 9:xx, 10:xx, 15:xx the virus erases the disk C: sectors. The virus contains the text string:
IBMNAVSCANCLEANF-PROTVFINDVIRU
\ *.* *.com *.exe
Have you ever danced with the devil under the pale moon light?
This program was written in the state of Texas(C) 1994-95 Dark Cow-boy
Details
Coup.2052.b
This is very dangerous memory resident multipartite virus. When an infected file is executed, the virus infects the MBR of the hard drive and then returns to DOS. While loading from infected MBR the virus cuts a block of the system memory, copies itself to there, hooks INT 13h, 1Ch and returns control to the original MBR code.
By hooking INT 13h the virus realizes a stealth routine while accessing to the infected MBR. By hooking INT 1Ch (timer) the virus waits for DOS loading process, hooks INT 21h and then writes itself to the end of .COM and .EXE files (except COMMAND.COM) that are executed. The virus checks the file names and corrupts several anti-virus scanners: SCAN, MSAV, PART*, CLEAN, VSAFE, TOOLKIT, GUARD, FINDVIRU. The virus overwrites them with a trojan program that displays the message:
If you are boy,go and play ball !!
Otherwise,Our “Blind Date” every day in “4-Bagh” at 6-9(pm).
Details
Coup.1957
This is very dangerous memory resident multipartite virus. When an infected file is executed, the virus infects the MBR of the hard drive and then returns to DOS. While loading from infected MBR the virus cuts a block of the system memory, copies itself to there, hooks INT 13h, 1Ch and returns control to the original MBR code.
By hooking INT 13h the virus realizes a stealth routine while accessing to the infected MBR. By hooking INT 1Ch (timer) the virus waits for DOS loading process, hooks INT 21h and then writes itself to the end of .COM and .EXE files (except COMMAND.COM) that are executed. The virus checks the file names and corrupts several anti-virus scanners: SCAN, MSAV, PART*, CLEAN, VSAFE, TOOLKIT, GUARD, FINDVIRU. The virus overwrites them with a trojan program that displays the message:
Coup De Main : In Childhood taught me to Love
Now that I Love Frenzied,Said me Forget !!!
Details
Costin.703
It is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of EXE files that are executed. The virus also hooks INT 9, 28h, 2Fh but does not use these hooks in any way, except INT 2Fh. The only intercepted function in INT 2Fh virus handler is virus’ “Are you here?” call to detect its resident copy.
The virus contains the text strings:
COSTIN
Hi hacker !
If you change this code your system will crash and burn !
Bye hacker !
Despite on this text the virus does not perform any action if its code it modified. The only one hack may cause system crash: the text “COSTIN” is used as a part of virus code, so if this text is changed the system may halt.
Details
Costeau.512
It’s a memory resident harmless parasitic EXE-virus. On execution it checks the DOS version and if it is not DOS ver 3.x the virus passes the control to the host program. If the current DOS is 3.30 the virus copies itself into the DOS system buffer and hooks INT 21h. Then it infects the EXE-files that are executed. It contains the internal text strings: “COSTEAU”, “End.”.
Details
Cossiga.883.a
These are not memory resident parasitic viruses. They search for .EXE-files and write themselves to their ends.
“Cossiga.883, 883.b” are not dangerous, they display the message:
COSSIGA ?! NO GRAZIE!
By Amissi dee Panoce (c) 1991 PADOVA
They contain the internal texts also:
“Cossiga.883″: AEGE/B V 1.2
“Cossiga.883.b”: CLAUDIA SCHIFFER TO P MODEL - COSSIGA VIRUS AEGE/B
“Cossiga.859″ is dangerous virus, depending on the system timer it erases disk sectors and displays:
TE LO SEI PRESO NEL CULO !
Details
Corrupt.1033
It is not a dangerous nonmemory resident parasitic virus. It searches for COM files, then writes itself to the beginning of the file. When an infected file is executed on a floppy drive, the virus displays the blue and red colored message:
COR-
RUPT
VIRUS
The virus contains the text strings:
C0RrUpT bY CiBeRb0B
*.com