Prevent Online Threats

Archive for October, 2008

Ghost

Sunday, October 26th, 2008

It is a dangerous memory resident boot virus. It infects the MBR of the hard drive and the boot sector of floppy disks. While infecting, the virus saves the original MBR sector on the hard drive at address 0/0/8 (track/head/sector) and the original boot sector of a floppy disk in the last sector of the root directory.
When the system boots from an infected disk, the virus copies itself into the Interrupt Vector Table and hooks INT 13h. It then infects floppy disks that are accessed. The hard drive MBR is infected when the system boots from an infected floppy disk.
When booting from an infected floppy disk, if the MBR is already infected, the virus disinfects it: it restores the original MBR image and fills sector 0/0/8 with zero bytes. While disinfecting, the virus leaves its “signature” in the last entry of the Disk Partition Table: “GHOST”.
The virus uses a quite risky anti-debugging trick and as a result halts Pentium computers.
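
The on-disk traces described above can be checked in a raw image of the first sectors of a drive. The following Python code is an added example, not part of the original description: the function names are hypothetical, the “GHOST” string is assumed to sit anywhere inside the 16-byte last partition entry, and the sample images are constructed.

```python
SECTOR = 512
PT_OFFSET = 446            # partition table starts at this offset in the MBR
ENTRY_SIZE = 16            # four 16-byte entries, then the 55 AA boot signature
BOOT_SIG = b"\x55\xaa"

def ghost_traces(image: bytes) -> dict:
    """Inspect a raw disk image (at least its first 8 sectors) for Ghost traces."""
    if len(image) < 8 * SECTOR:
        raise ValueError("need at least 8 sectors of the disk image")
    mbr = image[:SECTOR]
    last_entry = mbr[PT_OFFSET + 3 * ENTRY_SIZE:PT_OFFSET + 4 * ENTRY_SIZE]
    # CHS 0/0/8: sectors are numbered from 1 within a track, so this is LBA 7.
    off = (8 - 1) * SECTOR
    sector8 = image[off:off + SECTOR]
    return {
        "valid_mbr": mbr[510:512] == BOOT_SIG,
        # Assumption: the marker may be anywhere in the 16-byte entry.
        "ghost_marker": b"GHOST" in last_entry,
        "sector8_zeroed": sector8 == bytes(SECTOR),
        # A boot-signed sector here is consistent with a saved (relocated) MBR.
        "sector8_looks_like_mbr": sector8[510:512] == BOOT_SIG,
    }

def verdict(traces: dict) -> str:
    """Summarise the traces; a zeroed sector alone is normal on clean disks."""
    if traces["ghost_marker"] and traces["sector8_zeroed"]:
        return "disinfected-by-ghost"
    if traces["ghost_marker"]:
        return "marker-only"
    if traces["sector8_looks_like_mbr"]:
        return "possible-relocated-mbr"
    return "no-trace"

def make_image(last_entry: bytes = bytes(16), sector8: bytes = bytes(SECTOR)) -> bytes:
    """Build a constructed 8-sector test image (not real sample data)."""
    mbr = bytearray(SECTOR)
    mbr[PT_OFFSET + 3 * ENTRY_SIZE:PT_OFFSET + 4 * ENTRY_SIZE] = last_entry
    mbr[510:512] = BOOT_SIG
    return bytes(mbr) + bytes(6 * SECTOR) + sector8

if __name__ == "__main__":
    cleaned = make_image(last_entry=b"GHOST".ljust(16, b"\0"))
    relocated = make_image(sector8=bytes(510) + BOOT_SIG)
    for name, img in (("cleaned", cleaned), ("relocated", relocated), ("clean", make_image())):
        print(name, verdict(ghost_traces(img)))
```

A “possible-relocated-mbr” result is only a heuristic: it flags a boot-signed sector at 0/0/8 for manual comparison with the live MBR and does not by itself identify the virus.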

Ghh.482

Sunday, October 26th, 2008

It’s a dangerous memory resident parasitic virus. It hooks INT 1Ch, 21h and writes itself to the beginning of COM-files that are executed. On each timer tick (INT 1Ch) it scans the screen for the “THE GHH” string, and erases the disk sectors if that string is found.

GGM Family

Sunday, October 26th, 2008

These are not dangerous memory resident parasitic viruses. They hook INT 8 and 21h and write themselves to the end of .EXE files. The “GGM.936” virus first infects the C:\DOS\SMARTDRV.EXE file. It then infects the files that are executed. The virus checks the file name, comparing the beginning of the name (two letters) with the string:
sctbclf-fp

and does not infect the anti-virus programs SCAN, TB*, CLEAN, F-PROT and FPROT.
“GGM.898” infects only one file, C:\TEST\TEST\TEST\TEST\TEST.EXE, and seems to be a test virus.
By hooking INT 8 the viruses check the text that is typed and echoed on the screen. When the string “givegodmode” is entered, the virus adds the string “65535”. When “iamtheboss” is entered, the virus puts “ctty com” into the keyboard buffer. When the string “checkboxports” is entered, the virus writes some data to the COM1 port.

Gexa.2324

Sunday, October 26th, 2008

It is not a dangerous memory resident parasitic polymorphic virus. It hooks INT 21h and writes itself to the end of COM and EXE files (except COMMAND.COM) that are accessed. When the AIDSTEST anti-virus is executed, the virus displays a message in Russian. The virus uses anti-debugging tricks and halts Pentium computers. The virus also hooks INT 9 (keyboard) and checks input strings. If “gexa” is typed, the virus stuffs the text “- i am here!” into the keyboard buffer; if “yalta” is typed, it stuffs the text “- nice town..!”.

Getto.2000

Sunday, October 26th, 2008

It is a very dangerous memory resident parasitic polymorphic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed or accessed by FindFirst/Next DOS calls. On the 10th, 20th and 30th of any month, depending on the system timer and its counters, the virus deletes the files C:\IO.SYS, C:\MSDOS.SYS and C:\CONFIG.SYS and displays the message:
DOS/4GW Professional Protected Mode Run-time Version 1.95
Copyright (c) Rational Systems, Inc. 1990-1993
Getto Virus Version 1.0 Copyright (C) 1995,96 by Geci Ållat
This Getto requirest 80286 or better processor
Formating Hard Disk #1 [all................]
Formating Hard Disk #2 [...................]
Ready.
gEtTo Always the Best! MS-SUX Destroyer

The virus also contains the text strings:
Tested with F-Prot v2.22 and TBAV700

Germ.255

Sunday, October 26th, 2008

It’s not a dangerous memory resident parasitic virus. It copies itself to the address 0050:0100, hooks INT 21h and writes itself to the end of COM-files that are executed. Every 256th generation of this virus displays:
GERM. (C) The Black Baron U.K 93

It also contains the internal text string:
Better SMEG than dead

Geri.476

Saturday, October 25th, 2008

This is a harmless, non-memory resident encrypted parasitic virus. It searches for .COM files in the current directory, then writes itself to the end of the file.
The virus contains the following text strings:
*.COM
v 1.1 by Geri$oft, 95.01.28.

Gergana.182

Saturday, October 25th, 2008

These are primitive, dangerous, non-memory resident viruses that overwrite all .COM files in the current directory. “Gergana.450” and “Gergana.512” display messages. “Gergana.512” cures the host file if one or more files are infected during the host file’s execution. These viruses contain the text “*.Com” and:
“Gergana.182”: “Gergana”
“Gergana.222”: “Gergana II -BUL3”
“Gergana.300”: “Gergana / Гергана -III”
“Gergana.450”: “Gergana / Гергана -IV Free This file is infected.
Press [Enter] to continue”
“Gergana.512”: “Gergana V For nice time call [359][032] 557-643.
[Enter] to continue”

GERD.798

Saturday, October 25th, 2008

It is a very dangerous non-memory resident overwriting virus. It searches for .COM files in the current and C:\DOS directories, then overwrites the files. Depending on the system date and time, the virus formats the disk sectors, reboots the computer, displays the messages:
HA! HA! HA!
Your computer is infected now by the
most likely and non-dangerous virus!
Please enjoy it!
Your MBR may now be corruptedall
General error reading drive C:
Abort, Retry, Ignore, Fail?

Geodesic.666

Saturday, October 25th, 2008

It’s a harmless memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of COM- and EXE-files that are executed. It contains the internal text string:
Geodesic Propagation v2.0

Gentry

Saturday, October 25th, 2008

It is a dangerous memory resident boot virus. It hooks INT 13h and writes itself to the MBR of the hard drive and the boot sectors of floppy disks. On the 32nd boot the virus displays the message “AVV was here!” and halts the computer.

Genrat.785

Saturday, October 25th, 2008

It is a very dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. On writing to files, depending on its generation, the virus corrupts the data buffer. The virus contains the text string:
GENRATN5

Genesis.217

Friday, October 24th, 2008

These are harmless non-memory resident parasitic viruses. They search for COM-files and write themselves to the end of those files. They contain the internal text strings:
“Genesis.217”: [Genesis 1.0]Thor*.COM
“Genesis.226”: [Genesis 2.0]THOR*.COM
“Genesis.238”: [Genesis 3.0]*THOR.COM
“Genesis.295”: [GENESIS 4.0]*THOR.COM

Galicia.800

Friday, October 24th, 2008

This is a relatively harmless, non-memory resident parasitic virus. It searches for COM files, then writes itself to the beginning of the file. In odd months (January, March, and so on), the virus drops the boot virus Galicia.a to the MBR of the hard drive.
The viruses contain the following text strings:
Galicia contra telefonica!

Galeocerdo.600

Friday, October 24th, 2008

This is a relatively harmless non-memory resident parasitic virus. It searches for COM-files and writes itself to their end. It also searches for and infects files that are internally in COM format but have an .EXE file name extension; these files are infected in the same way as .COM files. It adds 100 to the year value of the system date. On Thursdays, it corrupts the system BIOS data. It contains the following internal text string:
Victim of Galeocerdo cuvieri

