|
|
JDC famil Viruses Information
| Name: |
JDC famil |
| Category: |
Viruses |
| Description:
|
Details
JDC family
These are nonmemory resident polymorphic parasitic viruses. They search for COM and EXE files in current and parent directories, then for the COMMAND.COM file and write themselves to the end of the file. While infecting files packed with PKLite the viruses patch PKLite entry code and write "JMP Virus" instruction into the middle of PKLite code.
The viruses use two levels of polymorphic encryption as well as anti-debugging tricks based on i386 features. Under debugger they display the message:
This program requires 80386 or better.
The viruses also contain the text strings:
A JDC PRODUCTION
~~TEMP~~.TMP
If you want to contact us, call:
809-5100 and 809-5031
JDC.6891
It is a very dangerous virus. On Thursday 13th it erases the hard drive and floppy disks sectors. On April 1st it overwrites the MBR of the hard drive with a program that displays on loading:
VI(RUS)
Insert system disk in drive C: and
press enter or space.
The virus also contains the text in Russian and in English:
This program is incompotible with PC-DOSall
MCS 1994
=========================================
.xXXxQEE.D-VersionxXXx...................
Designed for ---[ ]/[ Z / ]---(R)
Internal revision: 005
-----------------------------------------
Copyright (c) 1997 John Darland Computing
QEE (c) 1996-97 JDC
-----------------------------------------
This is D-VERSION!!! (Pre-release)
=========================================
WiNDOWS '95 - ONLY FOR L·A·M·E·R·S
=========================================
[JDC] [JDC] [JDC] [JDC] [JDC] [JDC] [JDC]
=========================================
===[ Messages ]========================================
To Antivirus creators:
"Please name this virus QEE.DVersion"
===[ T·H·E E·N·D ]====================================
*.CoM *.eXe .. COMSPEC=
---[ QEE 1.42 ]-[ Quantum Encryption Engine, Copyright (c) 1996-97 JDC ]---
JDC.7616
It is not a dangerous virus. Depending on the system date and time the virus displays a picture containing the texts:
You have a VIRUS now
Press any key to continue
This program created special for ]/[ 2 /
Copr (c) 1997 JD
The virus also contains the text strings:
Sorry, there is a small error: this program
is incompotible with PC-DOS... :(
=========================================
.xXXxQEE.JV.Dr.WebxXXx...................
Designed for ---[ ]/[ Z / ]---(R)
Internal revision 004
-----------------------------------------
Copyright (c) 1997 John Darland Computing
QEE (c) 1996-97 JDC
=========================================
WiNDOWS '95 - ONLY FOR L·A·M·E·R·S
=========================================
[JDC] [JDC] [JDC] [JDC] [JDC] [JDC] [JDC]
=========================================
===[ Future ]==========================================
You will see in next version:
- 2 new encryptors:
- RCG (Random Code Generator) [10% done]
- TTT (The Time Tracer) [ 0% done]
- More cool Windows'95 halter [ 0% done]
Possibly:
- Int 21h tracing
===[ Messages ]========================================
To Antivirus creators:
"Please name this virus QEE.JV.DrWeb or QEE.JV.Anti95
or, in other case, QEE.AntiWin95. It is only first
virus from large family"
===[ Thanks ]==========================================
To: HR ( JDC ), VD (S&K, VI), DP (xxx), PP (xxx),
DZ ( P), ID ( P) and others...
===[ T·H·E E·N·D ]====================================
COMSPEC=C:COMMAND.COM
[ QEE 1.41 ]-[ Quantum Encryption Engine, Copyright (c) 1996-97 JDC ]--- |
Top Viruses Visited Pages:
Invader. - 231 visits
not-a-virus:RiskWare.Tool.RegPatch. - 69 visits
Worm.P2P.Harex. - 63 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 55 visits
Small.58. - 55 visits
Coito.64 - 53 visits
I-Worm.Mapson. - 45 visits
Win32.Hidra - 41 visits
Win16.Klon.1177 - 40 visits
Marine.500 - 34 visits
Random Viruses Pages:
I-Worm.Davini
IRC-Worm.Crack.
Blaze.28
Konrad.99
Unkempt.134
Trojan.Durel
I-Worm.Bagle.a
Hmyr.180
Backdoor.win32.Small.c
Mao.100
|
|
