VIRUS BULLETIN ©1991 Virus Bulletin Ltd, 21 The Quadrant, Abingdon Science Park, Oxon, OX14 3YS, England. Tel (+44) 235 555139.
This bulletin is available only to qualified subscribers. No part of this publication may be reproduced, stored in a retrieval system, or transmitted
by any form or by any means, electronic, magnetic, optical or photocopying, without the prior written permission of the publishers.
VIRUS BULLETIN, Page 8, August 1991
IBM PC VIRUSES (UPDATE)
Updates and amendments to the Virus Bulletin Table of Known IBM PC Viruses as of July 21st 1991. Hexadecimal search patterns can
be used to detect the presence of a virus with the aid of a disk utility program or, preferably, a dedicated virus scanner.
200 - CN: When an infected program is run, this 200 byte virus infects all COM files in the root directory of drive C:
200 33D2 B800 42CD 218B CEB4 40CD 212E 8B0E
337 - CR: A small, simple virus which does nothing but replicate.
377 5FBF 0001 578B CC2B CEF3 A433 F633 FF33
Arab, 834 - CR: Awaiting analysis.
Arab 3D00 4B75 368B EC8B 7600 8B7E 028C C98E
Delirium - CER: Yet another Murphy variant from Italy. 1778 bytes long and detected by the HIV pattern.
Captain Trips - CER: A Jerusalem variant, 1808/1813 bytes long, with modifications intended to invalidate various scanner strings.
Captain Trips 03F7 2E8B 8D11 00CD 218C C804 1000 8ED0
Dewdz - CN: This 601 byte virus adds itself in front of the files it infects. Displays the text “Kewl Dewdz!” on screen.
Dewdz 434B 7409 B44F CD21 72BA 4B75 F7B4 2FCD
Fingers 08/15 - CER: A 1322 byte virus which is awaiting analysis.
Fingers 08/15 AE26 803D 0075 F847 4747 8BD7 1E2E 8C16
Jerusalem-1361 - CER: A stripped-down version of the Jerusalem virus, with all unnecessary code (including the trigger) removed.
Jerusalem-1361 218C C805 1000 8ED0 50B8 2F00 50CB FC06
Jerusalem-Clipper - CER: 1408/1413 byte Jerusalem variant. It generally infects EXE files (no COM files were infected in testing).
Jeru-Clipper 2E8E 1612 002E 8B26 1000 2EFF 2E14 0058
Kemerovo-B - CN: Similar to the original Kemerovo virus, but appears to have been assembled with a different assembler.
Kemerovo-B 0400 8BF8 B904 00A4 E2FD 8BFA 2BDA 81EB
Lazy - CR: A primitive 720 byte virus, which always occupies the same area in memory and may cause system crashes if a large
program is run. The major effect of the virus is a slowdown of the infected computer.
Lazy 1E84 0026 A186 008E C026 8B07 BB90 5029
Leech - CR: A 1024 byte virus which uses self-modifying encryption, making the extraction of a search pattern difficult.
Leech FA1E 078B EC8B E681 C4E4 038C
Leprosy-D - CN: A 370 byte overwriting virus, derived from one of the earlier variants. Infected programs must be deleted.
Leprosy-D B43B CD21 4683 FE03 7CE6 EB00 5EC3 8B16
Milan Overwriting - CN: A group of primitive, overwriting viruses from Italy. Two variants are known - BadGuy, which is 265 bytes
long and does nothing but replicate, and Exterminator which is 451 bytes long. When Exterminator activates it overwrites the
beginning of the hard disk, destroying the FAT and root directory of drive C:
Exterminator 02EB E2B4 2ACD 213C 0174 03EB 2F90 C606
BadGuy 02EB D9B4 2ACD 213C 0174 11EB 1D90 071F
Mosquito - ER: A 1024 byte virus which is awaiting analysis.
Mosquito 5650 BE49 002E 8A24 2E32 261E 002E 8824
Mule - CER: A 4112/4117 byte encrypted variant of Jerusalem. First reported in Australia. Detected by the Jerusalem-1 pattern.
Shadowbyte - CN: A 723 byte virus which is awaiting analysis.
Shadowbyte 8B54 0183 C203 B442 CD21 89F2 83C2 03B9
Stardot-600 - EN: This virus may be related to the September 18th virus. It overwrites the beginning of logical drives when it triggers.
Stardot-600 32F6 B908 0033 DB51 B901 00D1 C250 CD26
Twin-351 - CR: A companion type virus which attempts to hide from detection while memory-resident.
Twin-351 8C4C 048C 4C08 8C4C 0CB8 004B 8D16 0F01
Vienna-733 - CN: An encrypted variant of Vienna. It activates if an infected program is run on the second day of the month and
produces a high-pitched sound.
Vienna-733 89D6 81EE F201 89F7 B956 01FC ACFE C0AA
Virdem 824 - CN: A new version of the Virdem family. The following pattern can be found in all the Virdem variants.
Virdem-family 83C3 1C26 C707 205C 431E 8CC0 8ED8 8BD3
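
As an added example (not part of the original bulletin), the following Python sketch parses pattern lines in the layout used above and searches a byte stream for them, including patterns that straddle a read boundary. It assumes each four-digit group is two consecutive bytes in file order; the function names and the sample buffer are constructed for illustration.

```python
import io
import re

# Pattern lines copied from the table above: "<name> <groups of 4 hex digits>".
PATTERN_LINES = """\
Dewdz 434B 7409 B44F CD21 72BA 4B75 F7B4 2FCD
Fingers 08/15 AE26 803D 0075 F847 4747 8BD7 1E2E 8C16
Leech FA1E 078B EC8B E681 C4E4 038C
"""

# Name = text before the trailing run of hex groups (e.g. "Fingers 08/15").
# At least four groups are required so description lines are not parsed.
LINE_RE = re.compile(r"^(.+?)\s+((?:[0-9A-Fa-f]{4}\s+){3,}[0-9A-Fa-f]{4})$")

def parse_patterns(text):
    """Return {name: bytes}; each 4-digit group is two consecutive file bytes."""
    sigs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            sigs[m.group(1)] = bytes.fromhex(m.group(2))
    return sigs

def scan_stream(stream, sigs, chunk_size=4096):
    """Return sorted (offset, name) hits, reading the stream chunk by chunk."""
    overlap = max(len(p) for p in sigs.values()) - 1
    hits, tail, base = set(), b"", 0          # base = stream offset of tail[0]
    while chunk := stream.read(chunk_size):
        buf = tail + chunk
        for name, pat in sigs.items():
            pos = buf.find(pat)
            while pos != -1:                   # report every occurrence
                hits.add((base + pos, name))   # set: overlap may re-find a hit
                pos = buf.find(pat, pos + 1)
        keep = min(overlap, len(buf))          # bytes a pattern could straddle
        base += len(buf) - keep
        tail = buf[len(buf) - keep:]
    return sorted(hits)

def scan_bytes(data, sigs, chunk_size=4096):
    return scan_stream(io.BytesIO(data), sigs, chunk_size)

def constructed_sample(sigs):
    """Constructed buffer (not a real infected file): filler plus two patterns."""
    return b"\x90" * 10 + sigs["Dewdz"] + b"\x00" * 20 + sigs["Leech"] + b"\x90" * 5

if __name__ == "__main__":
    sigs = parse_patterns(PATTERN_LINES)
    print(scan_bytes(constructed_sample(sigs), sigs, chunk_size=16))
```

A fixed byte pattern only matches code that is stored unchanged, which is why the encrypted entries above either have short patterns or rely on another family's pattern.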