|
The C Virus is a computer virus which infects .COM and .EXE files. The virus is loaded into memory by executing an infected program and then affects the computer's runtime operation and corrupts program or overlay files.
 Research C Virus
The C-A-D Virus is a computer virus which infects the diskette boot sector. The virus is loaded into memory by booting from an infected disk and then affects the computer's runtime operation by infecting any diskette when ALT- CTRL-DELETE is pressed.
Research C-A-D Virus
The C0m 263 virus is a non -resident virus that searches for .COM-files and overwrites them. On Tuesday it renames the file \COMMAND.COM file to the new name: \COMMAND.C0M and then displays the message: Error reading drive C: BillMeTuesday! On other days it types: 'EXEC Failure'.
Research C0m 263
The CA 815 virus is a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. The virus does not infect *AN.*, * OT.* and *AN.* files. Depending on the system time the virus halts the system. The virus contains the text: [ nORThMeNS aNGeR] Coded by C.A, Karlstad, Sweden, 10/96
Research CA 815
The Caco-Daemon Virus is an encrypted computer virus written by John Tardy of the Trident organisation, which infects .COM files, including those protected by McAfee validation code. The virus is loaded into memory by executing an infected program and then affects the computer's runtime operation and corrupts program files.
Research Caco-Daemon Virus
The CAD Kill Virus is a computer virus which infects .COM, .EXE and overlay files including COMMAND. COM. The virus is loaded into memory by executing an infected program and then affects the computer' s runtime operation and corrupts program or overlay files and data files.
Research CAD Kill Virus
The Cagliari family of viruses are very dangerous memory resident parasitic viruses. They hook INT 21h and write themselves to the end of .COM files that are executed. On May the 1st they erase the FAT sectors on disks A, B, C, D and then display the message: caGLiArI The similar string is used by virus in its 'Are you here?' call - while installing the virus calls INT 21h with AX=FFABh, the memory resident copy returns 'CA', ' GL', 'IA', 'RI' in registers AX,BX,CX,DX.
Research Cagliari
Cain & Abel is a network backdoor Trojan that communicates through port 666.
Research Cain & Abel
The Calu 2429 virus is a dangerous non-resident parasitic polymorphic virus. It searches for .COM files, then writes itself to the end of the file. The virus polymorphic decryption loop contains several incorrect tricks, as a result, depending on the system timer it sometimes cannot decrypt the virus body, and the infected file halts the computer. The virus contains the texts: [CALU] Coding error: Too Drunk error ! I'm TOOSAD from Romania
Research Calu 2429
The Cancer Virus is a variant of the V-847 Virus . It is a computer virus which infects .COM files. The virus is loaded into memory by executing an infected program and then affects the computer's runtime operation and corrupts program files.
Research Cancer Virus
The Cancerbero 1000 virus is a dangerous non-memory resident parasitic virus. It searches for .COM files, then writes itself to the end of the file. On the 30th of March the virus erases sectors of drive C: and displays the message: CANCERBERO
Research Cancerbero 1000
The Cancerbero killer virus is a harmless memory resident virus. It hooks INT 21h and writes itself to the end of COM files that are executed. It contains the text: Killer by Cancerbero
Research Cancerbero Killer
Candy is a memory resident parasitic stealth virus. It hooks INT 21h and writes itself to the end of EXE files when the operating system writes to them (when files are copied or updated). The virus also has a COM files infection routine, but fails to infect them because of a bug. The virus does not contain any payload. It contains the text strings: Speak my name 5 times in front of a mirror...
Candyman, Candyman, Candyman, Candyman, ... Written by T-2000 / Immortal Riot
Research Candy
The cannabis II virus is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of EXE files that are accessed. While installing, it also infects the COMMAND.COM file, while infecting COMMAND it does not increase the file's size but writes itself into the middle of the file. The virus does not infect files matching: CL*.EXE, HW*. EXE, TB*.EXe, F-*.EXE, WC*.EXE, TK*.EXE The virus contains the text string: No! Cannabis...
Research Cannabis II
The Cannabis Virus is a computer virus which infects the fixed disk and diskette boot sectors . The virus is loaded into memory by booting from an infected disk and then affects the computer's runtime operation.
Research Cannabis Virus
The Cannibal.1312 virus is a dangerous memory resident encrypted parasitic virus. It hooks INT 10h, 28h, 2Fh, 4Ah and on INT 10h, 28h calls infects the file which performed the call. On infection the virus writes itself to the end of the files. It contains a bug and corrupts .EXE-files on infection. It creates the file C:\VIRUS. $$$\cannibal.max and writes the text into it: MAX CANNIBAL vers.1. 04 (c)93 PAVLOVO CITY The virus displays that text on INT 4Ah calls. It also contains the internal text strings: AIDS Mad Max
Research Cannibal 1312
The Cansu Virus is a computer virus which infects the fixed disk partition table. The virus is loaded into memory by booting from an infected disk and then affects the computer's runtime operation and corrupts program or overlay files.
Research Cansu Virus
Cantando 857 is a non-dangerous non-resident encrypted parasitic virus. It searches for COM-files (except COMMAND.COM) and writes itself at their ends. It deletes the CHKLIST.MS files, and displays the message: * CaN TaN Do v01 : 'Onkos täällä kilttejä lapsia?-)' *
Research Cantando 857
The Caos 716 virus is a harmless memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of .COM-files that are accessed with DOS functions FindFirst and FindNext (on DIR command execution) . The virus contains the internal text strings: CAOS virii by WMÆ Hoy en Dia, cualquier sentido que le puedas dar a la a vida no vale tanto como para que esta merezca ser vivida.Virii Experimental, no es práctico ;)
Research Caos 716
The Capicua 511 virus is a dangerous memory resident parasitic virus. It copies itself into the system buffer, hooks INT 21h and writes itself to the end of .COM-files that are executed. Sometimes it terminates the program instead of executing it. It contains the internal text string: 'CAPICUA'.
*Capital Virus
The Capital Virus is an encrypted computer virus which infects .COM files including COMMAND.COM. The virus is loaded into memory by executing an infected program and then affects the computer's runtime operation.
Research Capicua 511
The Cara virus is a harmless memory resident virus that affect .COM-files while DOS access to them. It contains some function against some other viruses: if memory size is not divided to 10h then the virus type: ' Virus es en memoria!'; if some disk sectors contain the Boot-virus signature 'Cara. 1024' writes into these sectors a small program which types while booting: ' Disco es infectado. Reemplaza 'Boot'. Clandestino Auto- Reproductivo Anti- virus'. The infector contains the text 'CARA' and hooks INT 13h, 20h, 21h.
Research Cara Virus
Carbuncle is a dangerous memory resident companion virus. It is a COM file 622 bytes long. On execution it checks the system time, and depending on the current seconds value it either jumps to an infection routine or calls the trigger function.
In the infection routine the virus creates the file CARBUNCL.COM with the READONLY and HIDDEN attributes set and writes itself (622 bytes) into that file. If this file is present, the virus overwrites it if this file is not a READONLY one. If this file is READONLY, the virus tries to create and overwrite it but fails because it doesn't check/clear the file attributes. Then the virus searches for EXE files by using DOS functions FindFirst/FindNext and the mask '*.exe' and infect them. On infection the virus renames the EXE file to CRP and creates a batch companion file with the name of the infected program and a . BAT extension.
As the result, after infection of one EXE file there are two files with the same name and CRP and BAT extensions. Of course, CARBUNCL.COM is in the same directory also. The companion batch file contains six lines of DOS commands. If the file FILENAME.EXE was infected, the companion FILENAME.BAT contains these lines: @ECHO OFF CARBUNCL RENAME FILENAME.CRP FILENAME.EXE FILENAME. EXE RENAME FILENAME.EXE FILENAME.CRP CARBUNCL
If the user tries to execute the EXE program, DOS will execute the companion BAT file virus. On the first line of this BAT file the virus disables DOS echo for more invisibility. The instruction of the second line calls the main virus body from CARBUNCL.COM file, the virus searches for non-infected files and attacks them. The lines from the third to the fifth force DOS to execute the infected EXE that is hidden by a CRP extension. This file is renamed to an EXE extension, then it is executed as an EXE and then it is renamed back to CRP. And as the last action the BAT file executes the COM virus again. If the current seconds value of system times is lesser or equals than 16, the virus calls trigger subroutine. This code searches for the first five CRP files and overwrites them by the virus body. As the result these files are not recoverable and should be deleted. In another case they will spread the virus on execution. The virus contains the internal text strings which are in use on searching for not infected files and on creating BAT companion: *.crp CARBUNCL. COM BAT*.exe CRP @ECHO OFF CARBUNCL RENAME It also contains the 'copyright' string: PC CARBUNCLE: Crypt Newsletter 14
Research Carbuncle
The Career family of computer viruses are harmless memory resident parasitic viruses. They hook INT 21h and write themselves to the end of COM-files that are executed. These viruses infect the file if the first instruction of it is a JMP (E9h) instruction. The 3th and 4th bytes of infected file are the word 'UK'. These viruses also contain the internal text string: 'tenUKCareer of Evil'.
The Carioca Virus is a computer virus which infects .COM files. The virus is loaded into memory by executing an infected program and then affects the computer's runtime operation and corrupts program or overlay files.
Research Carioca Virus
The CaroEvil Virus is a computer virus which uses stealth techniques to avoid detection and which infects .COM files including COMMAND.COM. The virus is loaded into memory by executing an infected program and then affects the computer's runtime operation and corrupts program or overlay files.
Research CaroEvil Virus
The Cartuja Virus is a computer virus which infects .COM and .EXE files. The virus is loaded into memory by executing an infected program and then affects the computer's runtime operation and corrupts program or overlay files.
Research Cartuja Virus
The Casc-2 Virus is a VCL generated computer virus which infects .COM files including COMMAND.COM. The virus is loaded into memory by executing an infected program and then affects the computer's runtime operation by reducing the amount of RAM available and corrupts program files.
Research Casc-2 Virus
The Casc1621 Virus is an encrypted computer virus which infects .COM files including COMMAND.COM. The virus is loaded into memory by executing an infected program. The virus corrupts program files.
Research Casc1621 Virus
The Cascade Virus is an encrypted computer virus which infects .COM files including COMMAND.COM. The virus is loaded into memory by executing an infected program and then affects the computer's runtime operation and corrupts program or overlay files.
Research Cascade Virus
The Cascade/170x Virus is an encrypted computer virus which infects .COM files. The virus is loaded into memory by executing an infected program and then affects the computer's runtime operation and corrupts program or overlay files.
Research Cascade/170x Virus
The Casino Virus is a computer virus which infects .COM files including COMMAND.COM. The virus is loaded into memory by executing an infected program and then affects the computer's runtime operation, corrupts program or overlay files.
Research Casino Virus
The Casper Virus is an encrypted computer virus written by Mark Washburn which infects .COM files including COMMAND.COM. It prevents tracing by Debug. The virus is loaded into memory by executing an infected program and then affects the computer's runtime operation and corrupts program files.
Research Casper Virus
The Casteggio Virus is a computer virus which infects .COM and .EXE files including COMMAND.COM. The virus is loaded into memory by executing an infected program. The virus corrupts program or overlay files and data files.
Research Casteggio Virus
|
Abbreviations
Computer Viruses
