Main Menu
Home
Bookmark
Contact Us

Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially Dangerous Tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 


 
BAT.CopyTo Viruses Information

Name: BAT.CopyTo
Category: Viruses
Description: Details
BAT.CopyToC

These script viruses are written in BAT, and copy themselves to directories on the C: drive.
BAT.CopyToC.a
This virus is 552 bytes in size. When launched for the first time, the virus creates a file named 1.sys in the Windows directory. It then copies itself to the C: root directory as AllTheBat.bat.
The virus registers this file in the system registry to ensure that the file is automatically launched each time the system is started.
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
"AllTheBat"="c:\AllTheBat.bat"
It creates an additional file named C:AllTheBat.reg to enable it to do this.
On subsequent launches, the virus will rename all files in the current directory. It also adds the extension .bat to the name of every file. The virus attempts to copy itself to the A: drive as A:readme.txt.bat.
BAT.CopyToC.b
This virus is 1262 bytes in size. The virus attempts to copy itself to the C: drive under the following names:
c:Gunslinger.bat
c:progra~1msnmes~1Gunslinger.bat
c:progra~1msnmes~11043data.bat
c:progra~1window~1Gunslinger.bat
c:progra~1window~1skinsdata.bat
c:progra~1window~1Visual~1user.bat
c:progra~1internGunslinger.bat
c:progra~1internpluginsdata.bat
c:progra~1internsignupuser.bat
c:progra~1internw2kcpu.bat
Payload
The virus deletes EXE files in the C:progra~1 and C:Windows directories.
BAT.CopyToC.c
This virus is 825 bytes in size. The virus copies itself into other files on the C: drive.
New files which contain a copy of the virus will have the following names:
c:Autorun.exe.bat
c:windowstaskman.exe.bat
c:windowsNotepad.exe.bat
c:windowssystem32xcopy.exe.bat
c:windowsystem32systray.exe.bat
Payload
The virus disables the mouse and the keyboard by launching C:Windowsrundll32 with the appropriate commands.
It deletes .sys files from the Windows system directory and creates text files in the C: root directory.
The C:Readme.txt file contains the following text string:
Now you are f*ck
The C:Virus Info.txt file contains the following text string:
Poop Smells



Top Viruses Visited Pages:
Invader. - 241 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 67 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits

Random Viruses Pages:
BAT.Sakur
Teraz.400
Macro.Word.Dracul
Win2K.Stream.
Win32.Weir
Trojan-Dropper.Win32.Small.y
Boxes.108
Andre
Macro.Word.Smile
Realize.49


 

© 2006-2008 spyware32.com - Privacy Policy