Details
Malatinec family

These are dangerous parasitic encrypted viruses. They write themselves to the end of COM and EXE files.
“Malatinec.1554″ is a nonmemory resident virus. It searches for COM and EXE files and infects them. “Malatinec.2367″ is a memory resident, it hooks INT 21h. On Load&Execute DOS call it searches for executable files and affects them. “Malatinec.3737″ is also memory resident virus, it infects files that are executed.
While infecting the viruses rename the file to:
“Malatinec.1554″: FileName.M03
“Malatinec.2367″: FileName.M04

then infect it and renames back to original name. The virus does not infect the files:
“Malatinec.1554″:
AVG AVP CLEAN GUARD IV NAV NOD SCAN TB VIRSTOP WEB HIEW

“Malatinec.2367″:
ADINF AVG AVP CLEAN DRWEB F- FINDVIRU FV GUARD IBMAV IV
NAV NOD SCAN TB TOOLKIT VIRSTOP VIVERIFY WEB HIEW

“Malatinec.3737″
COMMAND AFD CHKDSK DOS4G HIEW KRNL SCANDISK WIN ADINF AIDS ANTI ASTA
AUTHOR AVAST AVG AVP AVSCAN BAIT CERT CLEAN CPAV CRC DRWEB F- FINDVIR FV86
FV386 GOAT GUARD IBMAV ICE IV MKS MSAV NAV NOD PAS QCV QMS SCAN TB TKUTIL
TOOLKIT V- VAC VDS VIR VIVERIFY VPCSCAN WEB

The viruses delete the files:
“Malatinec.1554″:
ANTI-VIR.DAT AVP.CRC CHKLIST.CPS CHKLIST.MS IVB.NTZ SMARTCHK.CPS

“Malatinec.2367″:
ANTI-VIR.DAT AVP.CRC CHKLIST.CPS CHKLIST.MS CHKLIST.TAV FINGERP.VVF
FSIZES.QCV IVB.NTZ NAV_._NO SMARTCHK.CPS _CHK.CHK

“Malatinec.3737″
ADINF-?-all. ANTI-VIR.DAT AVG.GRS AVP.CRC CHKLIST.CPS CHKLIST.MS
CHKLIST.TAV CRCHECK.TXT FINGERP.VVF FSIZES.QCV ICE_?.CRC IM.PRM IVB.NTZ
MSAV.CHK NAV_._NO NODEX_?.DAT SMARTCHK.CPS _CHK.CHK

The viruses also contain the text strings:
“Malatinec.1554″:
Virus Malatinec v0.3
Note: this is evolutionary (beta) version only. Be Happy!
PATH=*.* COMEXEM03

“Malatinec.2367″:
Virus Malatinec v.0..W_Nreated by Aladiah
Greet: all my friends in Slovakia; G722,E10,H723,H118 & all H4??
(sch.yr.95/96) & of coz i send a big fuck 2 big boxer V.M.
Note: this is last evolutionary ( ) version. Don’t Worry! Watch out

“Malatinec.3737″
[Malatinec] by Aladiah (C) 4/97
+ ¥ m , w+ + y u &pount; k¡ g ? ?!

“Malatinec.3737″ depending on the system time also displays one of messages:
Ked sa budes dobre ucit, dcerenka, stanes sa manekynkou.
Don’t dread! I’m friendly ghost
Critical Error - Use (MC) Hammer.
REALITY.SYS corrupted - reboot Universe ? [Y,n]
I’m INside. (what’s about your heuristic?)
Memory failed. Use paper.
Attention. High voltage on keyboard!
Prosím Vás, Zastavte HZDS !

Related Posts

This entry was posted on Tuesday, August 28th, 2007 at 3:50 am and is filed under Virus Threats.