
Thread: List of all virus....

  1. #1
    Senior Member Array
    Join Date
    Nov 2006
    Age
    32
    Posts
    5,877
    Country: India
    Rep Power
    0

    List of all virus....

    hi frnds...
    i'll try to update all the virus names i know something about them...

    hope it is useful to u all...

    give me some names and i'll get u some info about it....

    have a gr8 day
    bye tc


     



  2. #2

    A&A

    Type: Virus


    A & A is a virus that changes an infected program's time and date stamp to the date and time of infection. When activated, the virus clears and reprints blocks of the screen. The infection code contains the string: {A&A}

    Recommendations

    Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

    * Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.
    * If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
    * Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed.). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.
    * Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
    * Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
    * Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
    * Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.

  3. #3

    A2K.Damcor

    Type: Worm

    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


    When A2k.Damcor is executed, it performs the following actions:

    1. Launches Microsoft Access in order to execute the Macro code.

    2. Attempts to use Microsoft Outlook to email itself to all contacts in the address book.

    3. The email has the following characteristics:

    Subject: Re: Saddam Corrupted
    Body: Please find the details of Saddam Corrupted
    Attachment: account.mdb

    4. Closes Microsoft Access.

    Recommendations

    Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

    * Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.
    * If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
    * Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed.). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.
    * Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
    * Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
    * Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
    * Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
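
The attachment-blocking recommendation above, checked against the email this post describes (an added example, not part of the original post or the vendor write-up). It shows that the recommended extension list alone does not stop `account.mdb`; the `.mdb` addition, the sample messages and all function names are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named in the recommendation quoted in the post.
RECOMMENDED_BLOCKLIST = {".vbs", ".bat", ".exe", ".pif", ".scr"}
# Assumption: a site that also wants to stop Access databases adds .mdb.
EXTENDED_BLOCKLIST = RECOMMENDED_BLOCKLIST | {".mdb"}


def final_extension(filename):
    """Lower-cased last extension, so 'notes.txt.scr' is judged as '.scr'."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    base = base.rstrip(" .").lower()  # Windows ignores trailing dots and spaces
    return "." + base.rsplit(".", 1)[-1] if "." in base else ""


def blocked_attachments(raw_message, blocklist):
    """Return the attachment names in a raw message that the blocklist rejects."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # Content-Disposition filename or Content-Type name
        if name and final_extension(name) in blocklist:
            hits.append(name)
    return hits


def build_sample(subject, body, filename):
    """Build a constructed test message; the attachment is placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(b"constructed placeholder bytes",
                       maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()


# Constructed samples. The first copies the subject, body and attachment
# name listed in the post; the other two are invented for comparison.
DAMCOR_STYLE = build_sample("Re: Saddam Corrupted",
                            "Please find the details of Saddam Corrupted",
                            "account.mdb")
DOUBLE_EXT = build_sample("Meeting notes", "See attached.", "notes.txt.scr")
CLEAN = build_sample("Meeting notes", "See attached.", "minutes.txt")

if __name__ == "__main__":
    for label, raw in [("damcor-style", DAMCOR_STYLE),
                       ("double-ext", DOUBLE_EXT),
                       ("clean", CLEAN)]:
        print(label,
              "recommended:", blocked_attachments(raw, RECOMMENDED_BLOCKLIST),
              "extended:", blocked_attachments(raw, EXTENDED_BLOCKLIST))
```
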

  4. #4

    A2M.Accessiv.A

    Type: Macro


    This virus is a rework of AM.Accessiv.A to make it work under Microsoft Access 2.0. The infection has:

    * AutoExec macro
    * V module


    In Microsoft Access, a macro is simply a set of actions to automate common tasks. One of the special macros is AutoExec, which MS Access executes automatically when a database is opened.

    When an infected database is opened, the virus searches for MS Access database files (*.MDB) in the current directory and copies both the AutoExec macro and the V module to the MDB file.

    Recommendations

    Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

    * Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.
    * If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
    * Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed.). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.
    * Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
    * Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
    * Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
    * Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.

  5. #5

    A97M.Hamdam.A

    Type: Macro


    Obtain the most recent virus definitions. There are two ways to do this:

    o Run LiveUpdate. LiveUpdate is the easiest way to obtain virus definitions. These virus definitions have undergone full quality assurance testing by Symantec Security Response and are posted to the LiveUpdate servers one time each week (usually Wednesdays) unless there is a major virus outbreak. To determine if definitions for this threat are available by LiveUpdate, look at the Virus Definitions (LiveUpdate) line at the top of this write-up.
    o Download the definitions using the Intelligent Updater. Intelligent Updater virus definitions have undergone full quality assurance testing by Symantec Security Response. They are posted on U.S. business days (Monday through Friday). They must be downloaded from the Symantec Security Response Web site and installed manually. To determine if definitions for this threat are available by the Intelligent Updater, look at the Virus Definitions (Intelligent Updater) line at the top of this write-up.

    Intelligent Updater virus definitions are available here. For detailed instructions on how to download and install the Intelligent Updater virus definitions from the Symantec Security Response Web site, click here.

    1. Start Norton AntiVirus (NAV), and make sure that NAV is configured to scan all files. For instructions on how to do this, read the document How to configure Norton AntiVirus to scan all files.
    2. Run a full system scan.
    3. If any files are detected as infected by A97M.Hamdam.A, click Repair.

  6. #6

    3b Trojan

    Type: Hoax


    Although this Trojan horse at one time existed, there has been no reported infection or destruction caused by it since late 1995. The rumor of its existence, however, has been quickly spreading through Internet mail from the time it was first discovered. This Trojan horse program, although it did exist at one time, is now more a rumor or hoax than an actual threat to the public. It has caused more damage and concern through its rumored existence than by direct action of the program itself.

    For those interested, here is a summary of how the original strain functioned. Again, it is not currently considered in distribution and is not considered a threat to the public.

    3b Trojan is a Trojan Horse program that claims to be the latest version of PKZIP, Version 3.0g, from PKWARE Inc. 3b Trojan was first received by the Symantec AntiVirus Research Center in late July 1995. The definition (fingerprint) was integrated into the August 1995 virus definition set and has been part of every update since that initial release.

    3b Trojan is not a virus. Trojan Horse programs do not replicate and spread themselves. Instead, they masquerade as legitimate programs, in this case, as a new release of PKZIP. Users download these programs, thinking them beneficial, and run them. For the event, or trigger, to take place, users must manually download these files and consciously run them. The vast majority of Trojan Horse programs are written with a destructive intention.

    3b Trojan has been distributed under the following names:

    * PKZ300B.EXE
    * PKZ300B.ZIP
    * PKZIP300.EXE
    * PKZIP300.ZIP


    The triggered event is to format the hard drive. The "self-extracting" versions of the executable (.EXE) files for 3b Trojan (.EXE) and the "PKZIP" program within it have this trigger. There have also been reports that 3b Trojan "affects modems of 1.44 and higher." These accounts are incorrect: 3b Trojan has no such capability.

    As of November 1996, only the following releases of DOS PKZIP program are valid:

    * 1.10
    * 1.93
    * 2.04c
    * 2.04e
    * 2.04g


    In response to 3b Trojan, PKWARE Inc. has issued the following statement:

    It has come to the attention of PKWARE that a fake version of PKZIP is being distributed as PKZ300B.ZIP or PKZ300.ZIP. It is not an official version from PKWARE and it will attempt to erase your hard drive if run. It attempts to perform a deletion of all the directories of your current drive. If you have any information as to the creators of this Trojan horse, PKWARE would be extremely interested to hear from you. If you have any other questions about this fake version, please email [email protected].

    You can download PKZIP 2.04g from the PKWARE Web site. Please ignore any messages regarding this hoax and do not pass on messages. Passing on messages about the hoax only serves to further propagate it.

  7. #7

    5Lo

    Type: Virus


    5Lo is a virus that changes the infected program's time and date stamp to the date and time of infection. Files that have the read-only attribute set are not affected. 5Lo does little more than replicate itself. The following text can be found within the viral code (not displayed):

    92.05.24.5lo.2.23

    Recommendations

    Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

    * Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.
    * If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
    * Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed.). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.
    * Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
    * Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
    * Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
    * Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.

  8. #8

    10_Past_3

    Also Known As: 748, Tea Time, Therese
    Type: Virus


    On various dates, the virus alters certain hardware and software interrupts, preventing them from working, which can be a real nuisance. In addition, it alters keystroke commands 1 time in 11 if the hour is between 15:10 and 15:13. The .789 variant displays the following message on the 22nd of every month after 1991:

    Ah Ah Ah Ah Ah Therese Ah Ah Ah Ah Ah

    It then reboots the computer.

    Recommendations

    Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

    * Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.
    * If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
    * Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed.). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.
    * Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
    * Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
    * Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
    * Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.

  9. #9

    15_Years

    Also Known As: Esto Te Pasa, Espejo
    Type: Virus


    The effect of the virus payload is highly destructive. Once triggered, any sector on any disk that is read is overwritten, resulting in complete data loss in that sector. The information written to the sectors closely resembles a DOS file allocation table (FAT). When the original system FAT is accessed after the virus has triggered, this sector is overwritten in the same manner as all other files, but DOS perceives it as a valid FAT. As a result, a DOS DIR command reveals a volume label of "nosotros n", a long list of files with the name "ESTO TE.PAS", along with many other garbage file and directory entries. The list was intentionally crafted by the virus writer to be displayed in this manner.

    Recommendations

    Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

    * Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.
    * If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
    * Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed.). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.
    * Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
    * Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
    * Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
    * Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.

  10. #10

    1stAntiVirus

    Infection Length: 144,000 bytes

    Publisher: 1stAntiVirus

    File Names: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\

    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


    When 1stAntivirus is executed, it performs the following actions:

    1. Creates some of the following files:

    * C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Start 1stAntiVirus.lnk
    * C:\Documents and Settings\Administrator\Desktop\1stAntiVirus.lnk
    * C:\Documents and Settings\Administrator\Desktop\1stAntiVirus.pkg
    * C:\Documents and Settings\Administrator\Start Menu\Programs\1stAntiVirus\Register 1stAntiVirus.lnk
    * C:\Documents and Settings\Administrator\Start Menu\Programs\1stAntiVirus\Start 1stAntiVirus.lnk
    * C:\Documents and Settings\Administrator\Start Menu\Programs\1stAntiVirus\Uninstall 1stAntiVirus.lnk
    * %ProgramFiles%\1stAntiVirus\App.exe
    * %ProgramFiles%\1stAntiVirus\drv\securedisk.dcc
    * %ProgramFiles%\1stAntiVirus\drv\xpdriver.sys
    * %ProgramFiles%\1stAntiVirus\extensions.pkg
    * %ProgramFiles%\1stAntiVirus\program.info
    * %ProgramFiles%\1stAntiVirus\Uninstall.exe
    * %ProgramFiles%\1stAntiVirus\Update.exe
    * %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Start KillSpy.net.lnk
    * %UserProfile%\Desktop\KillSpy.net.lnk
    * %UserProfile%\Desktop\KillSpy.net.pkg
    * %UserProfile%\Start Menu\Programs\KillSpy.net\Register KillSpy.net.lnk
    * %UserProfile%\Start Menu\Programs\KillSpy.net\Start KillSpy.net.lnk
    * %UserProfile%\Start Menu\Programs\KillSpy.net\Uninstall KillSpy.net.lnk
    * %ProgramFiles%\KillSpy.net\App.exe
    * %ProgramFiles%\KillSpy.net\drv\securedisk.dcc
    * %ProgramFiles%\KillSpy.net\drv\xpdriver.sys
    * %ProgramFiles%\KillSpy.net\extensions.pkg
    * %ProgramFiles%\KillSpy.net\logs\1144058126.log
    * %ProgramFiles%\KillSpy.net\program.info
    * %ProgramFiles%\KillSpy.net\Uninstall.exe
    * %ProgramFiles%\KillSpy.net\Update.exe
    * C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Start SpyDeface.lnk
    * C:\Documents and Settings\Administrator\Desktop\SpyDeface.lnk
    * C:\Documents and Settings\Administrator\Desktop\SpyDeface.pkg
    * C:\Documents and Settings\Administrator\Start Menu\Programs\SpyDeface\Register SpyDeface.lnk
    * C:\Documents and Settings\Administrator\Start Menu\Programs\SpyDeface\Start SpyDeface.lnk
    * C:\Documents and Settings\Administrator\Start Menu\Programs\SpyDeface\Uninstall SpyDeface.lnk
    * C:\Program Files\SpyDeface\App.exe
    * C:\Program Files\SpyDeface\drv\securedisk.dcc
    * C:\Program Files\SpyDeface\drv\xpdriver.sys
    * C:\Program Files\SpyDeface\extensions.pkg
    * C:\Program Files\SpyDeface\logs\1144150040.log
    * C:\Program Files\SpyDeface\logs\1144150054.log
    * C:\Program Files\SpyDeface\program.info
    * C:\Program Files\SpyDeface\Uninstall.exe
    * C:\Program Files\SpyDeface\Update.exe


    Note:

    * %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    * %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).

    2. Creates some of the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1stAntiVirus
    HKEY_CURRENT_USER\Software\XXI\1stAntiVirus
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KillSpy.net
    HKEY_CURRENT_USER\Software\XXI\KillSpy.net
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyDeface
    HKEY_USERS\S-1-5-21-220523388-1844823847-682003330-500\Software\XXI\SpyDeface
    HKEY_USERS\S-1-5-21-220523388-1844823847-682003330-500\Software\XXI\SpyDeface.com

    3. Incorrectly detects clean files as infected.

    4. Uses these false results in an attempt to persuade users to register the product for a fee.

    5. Adds some of the following registry entries:

    "Start" = "0x00000002"
    "ImagePath" = "\??\%ProgramFiles%\KillSpy.net\drv\xpdriver.sys"
    "ImagePath" = "\??\%ProgramFiles%\SpyDeface\drv\xpdriver.sys"
    "DisplayName" = "securedisk"

    to the subkeys:

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\securedisk
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\securedisk

    Note: The service created may be used by legitimate applications.
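
The three product names in the file list above share one directory layout under the program files folder, so a host file inventory can be triaged by layout instead of by brand name. The sketch below is an added example, not part of the original post or the vendor write-up; the inventory lines, the `ExampleScanner` and `Contoso Editor` directories, the match threshold and all function names are assumptions.

```python
import re
from collections import defaultdict

# Files that each listed product directory has in common (taken from the post).
LAYOUT = {
    "app.exe", "drv\\securedisk.dcc", "drv\\xpdriver.sys",
    "extensions.pkg", "program.info", "uninstall.exe", "update.exe",
}
DRIVER_PAIR = {"drv\\securedisk.dcc", "drv\\xpdriver.sys"}
KNOWN_BRANDS = {"1stantivirus", "killspy.net", "spydeface"}

# Assumption: the default expansion given in the post's Note.
ENV = {"%programfiles%": "c:\\program files"}
PROGRAM_DIR = re.compile(r"^c:\\program files\\([^\\]+)\\(.+)$")


def normalize(path):
    """Lower-case, expand %ProgramFiles%, and collapse repeated separators."""
    p = path.strip().lower().replace("/", "\\")
    for var, value in ENV.items():
        p = p.replace(var, value)
    return re.sub(r"\\+", r"\\", p)


def find_family_dirs(paths, min_match=5):
    """Flag program directories that reproduce the shared layout.

    min_match is an assumed threshold. A hit is a lead for review, not a
    verdict: the post notes the service may be used by legitimate software.
    """
    seen = defaultdict(set)
    for raw in paths:
        m = PROGRAM_DIR.match(normalize(raw))
        if m and m.group(2) in LAYOUT:
            seen[m.group(1)].add(m.group(2))
    findings = []
    for directory, files in sorted(seen.items()):
        if DRIVER_PAIR <= files and len(files) >= min_match:
            findings.append({"directory": directory,
                             "matched": len(files),
                             "known_brand": directory in KNOWN_BRANDS})
    return findings


# Constructed inventory: the SpyDeface paths come from the post; the other
# two directories are invented (a same-layout rebrand and an unrelated app).
SAMPLE_INVENTORY = [
    r"C:\Program Files\SpyDeface\App.exe",
    r"C:\Program Files\SpyDeface\drv\securedisk.dcc",
    r"C:\Program Files\SpyDeface\drv\xpdriver.sys",
    r"C:\Program Files\SpyDeface\extensions.pkg",
    r"C:\Program Files\SpyDeface\logs\1144150040.log",
    r"C:\Program Files\SpyDeface\program.info",
    r"C:\Program Files\SpyDeface\Uninstall.exe",
    r"C:\Program Files\SpyDeface\Update.exe",
    r"%ProgramFiles%\ExampleScanner\App.exe",
    r"%ProgramFiles%\ExampleScanner\drv\securedisk.dcc",
    r"%ProgramFiles%\ExampleScanner\drv\xpdriver.sys",
    r"%ProgramFiles%\ExampleScanner\extensions.pkg",
    r"%ProgramFiles%\ExampleScanner\program.info",
    r"%ProgramFiles%\ExampleScanner\Update.exe",
    r"C:\Program Files\Contoso Editor\App.exe",
    r"C:\Program Files\Contoso Editor\Uninstall.exe",
]

if __name__ == "__main__":
    for finding in find_family_dirs(SAMPLE_INVENTORY):
        print(finding)
```
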
