Prevent Online Threats

Archive for September, 2008

Armee

Thursday, September 25th, 2008

Details
Armee.b

This is a dangerous memory-resident boot infector. It infects the boot sectors of floppy disks and the hard drive MBR.
The virus infects the hard drive when the system loads from an infected floppy disk. It then hooks INT 13h and infects floppy disks that are accessed; these floppies are infected by the “Brain” method. On February 11th the virus displays a message and erases the disk sectors:
Ausländer raus aus der Schweiz !

AP

Thursday, September 25th, 2008

Details
AP.a

This is a harmless stealth boot virus. It hooks INT 13h and infects the boot sectors of floppy disks and the MBR of the hard drive in the same way as the Stoned viruses do. AP viruses contain the ID-word “AP”.

Advent.Cookie.223

Thursday, September 25th, 2008

Details
Advent.Cookie.2232

This is a harmless non-resident virus that infects COM and EXE files when it is executed. It infects EXE files in a standard way; in COM files, it replaces the first 23h bytes at the beginning of the file with a jump to the virus body.
The virus prints “I want a COOKIE !”, waits for the ‘cookie’ letters to be pressed, and then prints: “BURPSall..”.

Adrenalin.57

Thursday, September 25th, 2008

Details
Adrenalin.571

It is a dangerous non-memory-resident parasitic virus. It searches for .COM files, then writes itself to the end of the file. The virus leaves part of its code in system memory, hooks INT 21h, intercepts the FindFirst/FindNext DOS calls, and returns “decreased” lengths for the infected files. In some cases the virus overwrites files with a trojan program. When executed, that program erases CMOS and displays the message:
ADRENALIN OVERDOSE error. System dead.

Adolf.47

Thursday, September 25th, 2008

Details
Adolf.475

It is a very dangerous memory-resident virus that infects COM and OVL files in the standard way as they are loaded into memory. The virus copies its TSR part into the interrupt vector table at address 0000:0200. It contains the text “Adolf Hitler”. With a probability of 1/8 it stops a file deletion. It hooks INT 21h.

AdiPop.48

Wednesday, September 24th, 2008

Details
AdiPop.485

It is a dangerous memory-resident parasitic virus. It copies itself into the Interrupt Vector Table, hooks INT 1Ch and 21h, and writes itself to the end of COM files that are executed. Depending on its counters, the virus hooks INT 9 and beeps through the PC speaker. The virus has bugs and may halt the system.

Adin.148

Wednesday, September 24th, 2008

Details
Adin.1488

This is a harmless memory-resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files (except COMMAND.COM) and AIDSTEST.EXE.
It infects files that are renamed, closed, or accessed in some other way.

ADI.143

Wednesday, September 24th, 2008

Details
ADI.1431

These are dangerous memory-resident encrypted parasitic viruses. They write themselves to the end of COM files. While infecting a file, the viruses encrypt not only their own code but the whole contents of the file. The viruses have bugs and may halt the system while infecting a file.
When an infected file is executed, the virus decrypts itself, hooks INT 22h (DOS Terminate call), returns control to the host program, waits for the termination call, then hooks INT 8, 1Ch, 21h and 24h. The timer interrupts (INT 8, 1Ch) are used by the virus to disable tracing and debugging. INT 21h is used to intercept access to COM files.
The viruses use several levels of anti-debugging tricks; they also contain the text string:
(c) Beast. Advanced Disk Infector. [ADinf v1.5]

Ada.260

Wednesday, September 24th, 2008

Details
Ada.2600

This is a very dangerous memory-resident virus. It hooks INT 8, 13h and 21h and writes itself into the beginning of .COM files that are started. The virus makes a “cracking” sound through the PC’s speaker. It searches for the file PCCILLIN.COM and, if this file exists, the virus can erase the contents of the boot sectors and the FATs of the first hard disk. While deleting files, the virus sets their file attributes to HIDDEN. The virus also contains the texts:
COMMAND.COM
PCCILLIN.COM
PCCILLIN.IMG
PCCILLIN.COM
HATI-HATI !! ADA VIRUS DISINI !!
Delete

AD.13

Wednesday, September 24th, 2008

Details
AD.132

This is a harmless non-memory-resident parasitic virus. It searches for COM files in the current directory, then writes itself to the end of the file. The virus contains the ID-byte ADh.

ACV.134

Wednesday, September 24th, 2008

Details
ACV.1342

This is a non-dangerous memory-resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of EXE files that are executed. Sometimes it displays the message:
The AC Virus – ACV Version 1.01 , 1993
by
Ahmet Cezayirli
Istanbul University
Electronics Engineering

ACDC.49

Tuesday, September 23rd, 2008

Details
ACDC.494

This is a harmless memory-resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files (except COMMAND.COM) that are executed. The virus does not manifest itself in any way; it contains the internal text string:
COMMAND

Accept.377

Tuesday, September 23rd, 2008

Details
Accept.3773

This is a dangerous memory-resident parasitic encrypted virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. If the file is already infected, the virus searches for other executable files and infects them. The virus contains the internal text string:
COMMANDSCANCLEANNAVCPAVBOOTSAFEVSAFEIB
MAVSHVGUARDVIRTESTVCAREDAILYDISKPART
It checks the file name before infection. If the name is COMMAND, SCAN, CLEAN, NAV, CPAV and so on, the virus does not infect that file. On December 20th and March 28th the virus corrupts the disk sectors. The virus also contains the internal text strings:
*.COM *.EXE
747
ME PERDI A ACCEPT, SOY UN PELOTUDO

Accept.361

Tuesday, September 23rd, 2008

Details
Accept.3619

This is a dangerous memory-resident parasitic encrypted virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. If the file is already infected, the virus searches for other executable files and infects them. The virus contains the internal text string:
COMMANDSCANCLEANVSHIELDNAVCPAVBOOTSAFE
It checks the file name before infection. If the name is COMMAND, SCAN, CLEAN, NAV, CPAV and so on, the virus does not infect that file. On December 20th and March 28th the virus corrupts the disk sectors. The virus also contains the internal text strings:
*.COM *.EXE
747
ME PERDI A ACCEPT, SOY UN PELOTUDO

3APA3

Tuesday, September 23rd, 2008

Details
3APA3A
This is a variant of the “3APA3A” virus that hooks INT 16h instead of INT 13h and tries to infect floppy disks on each keystroke. It manifests itself with a sound effect.

