Details
Mandra family

These are not dangerous memory resident parasitic viruses. They hook INT 21h and write themselves to the end of COM files that are executed.
Depending on the system timer the viruses display the messages:
“Mandra.533″: Mandragore for president !!!
“Mandra.562″: Mandragore’z sPirIt haunts ur computah !
“Mandra.664,669″: BEER and TEQUILA forever !’

The viruses also contain the text strings:
“Mandra.533″: Mandragore [Mdrg v3.7]
“Mandra.562″: Mandragore [Mdrg v4]
“Mandra.664,669″: Mandragore [Mdrg v5]
Error 8869: processor drunk 8*)
Eddy iz still alive somwhere in time all…

Mandra.866,886
These are memory resident encrypted viruses infecting EXE files that are opened or executed. The viruses write themselves to the end of files while infecting them. The viruses use not documented DOS calls, and have a bug in this part of code: these functions are called incorrectly. As a result, if there are several files opened, or a file is executed when some other files are opened, the viruses can use wrong file offsets and corrupt files.
The viruses call a video effect - running cow. The viruses also contain the strings:
[MAD COW]
Mandragore

Related Posts

This entry was posted on Tuesday, August 28th, 2007 at 7:50 pm and is filed under Virus Threats.