Prevent Online Threats

Archive for October, 2008

Hallow.52

Friday, October 31st, 2008

Details
Hallow.525

It is not a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of EXE files that are executed. While installing itself memory resident, it displays the message:
Hallo world!

Hallochen

Friday, October 31st, 2008

Details
Hallochen.a

It is a dangerous memory resident parasitic virus. It hooks INT 8, 16h, 21h and writes itself to the end of COM and EXE files. While infecting COM files, the virus also writes six bytes of the Jmp-Virus code to the beginning of the files:
JMP Loc_Virus
DB ?
DW 5555h

Depending on its “generation” the virus “jokes” with the keyboard: periodically it changes the keys that are entered. The virus also slows down the computer by adding a delay on INT 8 (timer) calls.
The virus contains the text:
Hallöchen !!!!!!, Here I’m Acrivate Level 1

Hallo.52

Friday, October 31st, 2008

Details
Hallo.524

It is not a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed. After infecting each file, the virus displays the message:
Hallo my dear friend !!!

Halka Famil

Friday, October 31st, 2008

Details
Halka Family

These are not dangerous (except “Halka.474”) nonmemory resident parasitic viruses. “Halka.474,720” are encrypted. They search for files and write themselves to the end of the file. “Halka.474” infects EXE files; the other viruses infect .COM files.
“Halka.474” erases the disk sectors.
On December 31st the viruses display the messages:
“Halka.720”:
Este es el virus 786 Version 2.01
Encriptado variable
Echo por –> _¡X__ [_x_]/A.H.D. HALKA/. Industria Argentina
Quemen al muñeco del `94!

“Halka.1000”:
Este es el virus 786 Version 1
Echo por –> _¡x__ [_x_]/A.H.D. HALKA/. Industria Argentina
Quemen al muñeco del `94!
OHH NO, ME HA DESCUBIERTO!!!

Some viruses contain the additional text strings:
“Halka.474”:
Red October (C) >D.V< 1994
Catch if you can

“Halka.720”:
MALDITO, ME HA DESENCRIPTADO!! :{{
Aqui no estoy! <|-)

Haldeman.43

Friday, October 31st, 2008

Details
Haldeman.431

These are very dangerous nonmemory resident parasitic viruses. They search for all files in the current directory by using the mask “*.*”, then write themselves to the end of each file as if they were infecting COM files. As a result, infected non-COM files halt the system when executed, and data files may be corrupted. The viruses display the messages:
“Haldeman.431”:
Fortisan et nostrum nomem miscebitur istis

“Haldeman.614”:
We should change that a little bit. Johns point is exactly right.
The erosion here now is going to you and that is the thing that
we have to turn off at whatever cost. We have to turn it off at the
lowest cost we can, but at whatever cost it takes.

They also contain the text strings:
“Haldeman.431”: Ovid Fortisan Virus Thespian
“Haldeman.614”: Haldeman Virus eMpIrE-X

Ha

Friday, October 31st, 2008

Details
Hal

It is not a dangerous memory resident boot virus. It hooks INT 13 and infects the boot sector of floppy disks and the MBR of the hard drive. In some cases it displays the text:
HAL 3001

Hail.67

Thursday, October 30th, 2008

Details
Hail.673

This is a harmless memory resident parasitic virus. It hooks INT 21h, and writes itself to the end of COM files that are executed. On April 5th, the virus displays the following message:
We say retribution
We say vengance is bliss
We say revolution
With a cast iron fist
Hail and Kill 98

Haifa.235

Thursday, October 30th, 2008

Details
Haifa.2352

These are very dangerous memory resident parasitic polymorphic viruses. They copy themselves to system memory at address 9000:0000 or 8AA0:0000 and do not fix the MCB list, which might halt the PC. Then they hook INT 21h and write themselves to the end of .COM and .EXE files. Sometimes they print the screen (by an INT 5 call), or halt the computer.
On May 7th they display the message:
KIRYAT MOZKIN!!!
LOCAL PROCESS INDUS¿Uvs¿UurrrS DONE BY:
SIBEL ,TEACHES
HOW TO MANAGE SHEEP?
Thanks for using Turbo Anti Virus.
PLEASE JMP FE00:0

This virus writes to BAK files:
What is backup for anyway???
BackUp is usually unneccessary!
End..

and to DOC and TXT files:
What’s 455260 MI COUNTACH 5000 CC???
Instead of reading this junk, think about it!

It also contains the texts:
DES of USA Y
COMSPEC=
the Great

They write a small piece of source code to .ASM and .PAS files:
.model small
.code
s: mov ax,310h
xor cx,cx
mov dx,80h
int 13h
end s

It also displays:
OOPS! Hope I didn’t ruin anything!!!
Well, nobody reads those stupied DOCS anyway!
COMSPEC=HAIFA VIRUS V1.01
WRITTEN BY Y.S.
GUEST STARS: T.S. & I.F.
MADE IN ISRAEL
I AM TIRED. PLEASE WAKE ME UP ON TUE 12.4.3456
PRESS RESET TO CONTINUE

and contains the text:
CONST VIRUS=’HAIFA’;

Hahari

Thursday, October 30th, 2008

Details
Haharin

It is a very dangerous memory resident boot virus. It hooks INT 13h and writes itself to the MBR of the hard drives and boot sector of floppy disks. Depending on its counter the virus erases disk sectors and displays the message:
Haharin is not dead !

Hafen.78

Thursday, October 30th, 2008

Details
Hafen.781

These are not dangerous nonmemory resident parasitic viruses. They search for .EXE files in the subdirectory tree, and write themselves to the end of the file.
“Hafen.1640,1641,1689” contain the decrypted body of the “Ambulance” virus, and infect .COM files with this sample (drop the virus). “Hafen.809” decrypts and displays the message:
Hafenstraße bleibt !

“Hafen.781” decrypts and prints to the printer the message:
Kilroy was here - (C) 1991, VDV.

“Hafen.818” creates files with random names; these files contain the text:
Hafenstraße bleibt !

“Hafen.1191” manifests itself with a moving picture:

Hadi.615

Thursday, October 30th, 2008

Details
Hadi.6153

It is not a dangerous memory resident partly encrypted parasitic virus. It hooks INT 8, 9, 20h, 21h and writes itself to the end of COM and EXE files that are executed or closed. The virus is semi-stealth: on opening an infected file the virus disinfects it, and on DOS FindFirst/Next calls the virus returns the original length of infected files. When disk checking utilities are run, the virus disables its stealth routines. The list of these utilities is as follows: CHKDSK.EXE, SCANDISK.EXE, NDD.EXE, SPEEDISK.EXE, SD.EXE, DEFRAG.EXE. The virus does not infect the files: DEBUG.EXE, TD.EXE, CV.EXE, SI.EXE, NCSI.EXE, SYSINFO.EXE, MSD.EXE, HJ2321.EXE.
Depending on the system date and its internal flags the virus displays the messages:
Hercul Hadi
by Hadi Javan Amirkhizi
03/07/1996
TABRIZ–IRAN
Call me to repair your system (if you find me)
Press CTRL key for 5 seconds to return

HackTool.Win32.CrackSearch

Thursday, October 30th, 2008

Details
HackTool.Win32.CrackSearch.a
This program is written in Visual Basic, and is packed using ASPack. The file is approximately 26KB in size. It is designed to find hacker patches, programs which generate serial codes, and other utilities. It is a skin which can be used to search for key words via the search function on http:

HackMaster.119

Wednesday, October 29th, 2008

Details
HackMaster.1197

It is a dangerous memory resident encrypted parasitic virus. It hooks INT 8, 21h and writes itself to the end of .COM and .EXE files that are executed or closed. The virus deletes the SMARTC*.C* and CHKLIST.* files.
On each timer tick (INT 08h) the virus scans the screen for the “HaCKMaSTER” string. If it is found, the virus copies the \PCB\MAIN\USERS file to the \PCB\DL01\TRSI3PTG.ZIP file.
The virus contains the text strings:
DVice_V1.0S-MA(C).
smartc*.c*
chklist.*
\PCB\MAIN\USERS.
\PCB\DL01\TRSI3PTG.ZIP
HaCKMaSTER

Hacker.25

Wednesday, October 29th, 2008

Details
Hacker.255

It is a very dangerous memory resident overwriting virus. It hooks INT 21h and overwrites each 5th file that is executed. The infected files are not recoverable and should be deleted. The virus contains the text string:
MEGA TROJAN VIRUS 1992 BY HACKER!!

Hack.13

Wednesday, October 29th, 2008

Details
Hack.130

It is a dangerous memory resident parasitic virus. When an infected file is executed the virus copies itself into memory at address 9000:0000 and does not fix the MCB list, which might halt the computer. Then the virus hooks INT 21h and intercepts the DOS Write function. When the destination is a COM file, the virus first writes its code, and then the original data that is being written. As a result, when COM files are copied, the virus writes its code to the beginning of the file. When the destination is the standard output device (stdout), the virus displays:
(H*ck-tic)

