Win32.HLLO.Harrier.1821 Viruses Information

Name: Win32.HLLO.Harrier.1821
Category: Viruses
Description: Details
Win32.HLLO.Harrier.18210

It is a very dangerous non-memory-resident parasitic Win32 virus written in Borland C++. When an infected program is run, it searches for EXE files in the Windows directory and replaces (overwrites) them with its code. The infected files are not recoverable and should be deleted.
The virus also changes the WIN.INI file to force Windows to load and run an infected file on each restart: a new "load=" instruction is written to the [windows] section, and it points to the infected file. To avoid running twice, the virus also adds a [Harrier] section to the end of the WIN.INI file and writes the string "Infected=Yes" there. When run, the virus checks this section and skips the infection routine if it is set.
The virus then enters an endless loop in which it checks the system time and manifests itself with stupid messages that all have the same header:
"95&98-th Harrier from DarkLand"

The message body depends on the system time. If minutes=13 the virus displays:
Oops, World, it is Me!
Can You image it? I am the Win32 platform based virus!
Hey,Daniloff! Will You porte Your DrWeb at this platform?
Hmm, Guy, what You think about Watom C++ ?
Greetings goes to Gill Bates and to her Mircosoft Windoze 95 & 98 sucks,
and to rest lame pat of world.
Ugly Lamers MUST DIE!
Who am I? I am the "95&98-th Harrier from DarkLand" !!!
I come from dark, I invade Your PC and now I will invade Your mindall
ZeMacroKiller98
v3.01 Release(3) from 16-Apr-1999y

Under the following conditions the messages are:
hour=12: System malfunction!
minutes=20: VXDs rings overcrossed!
minutes=30: VCPU mode thunking error!
Attention! Bugs inside computer, use SoftIce.
minutes=45: CPU overclocked, cooler device emergency!
hour=15: Help subsystem is damaged!

In the same loop, the virus then looks for the "System Properties", "Control Panel", "Propriétés Système" and "Panneau de configuration" windows and changes their header line to "95&98-th Harrier from DarkLand". The virus also writes the following text to the window:
Manufactured and supported by:
HARRIER FROM DARKLAND
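
The WIN.INI changes described above leave two artifacts a responder can check for: the [Harrier] section with "Infected=Yes" and a "load=" entry in [windows]. The following Python check is an added example, not part of the original description; the sample file contents and the path EXAMPLE.EXE are constructed for illustration.

```python
import sys

# Constructed sample WIN.INI contents (not taken from a real infected system).
SAMPLE_INFECTED = """\
[windows]
load=C:\\WINDOWS\\EXAMPLE.EXE
run=

[Harrier]
Infected=Yes
"""
SAMPLE_CLEAN = "[windows]\nload=\nrun=\n\n[Desktop]\nWallpaper=(None)\n"

def parse_ini(text):
    """Tolerant INI parser: lower-cased section name -> list of (key, value)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            sections[current].append((key.strip().lower(), value.strip()))
    return sections

def check_win_ini(text):
    """Report the [Harrier] marker and any autostart targets set via load=."""
    sections = parse_ini(text)
    marker = any(k == "infected" and v.lower() == "yes"
                 for k, v in sections.get("harrier", []))
    # load= may be legitimate on its own; list the targets for manual review.
    load_targets = [v for k, v in sections.get("windows", [])
                    if k == "load" and v]
    return {"harrier_marker": marker, "load_targets": load_targets}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="latin-1") as fh:
            text = fh.read()
    else:
        text = SAMPLE_INFECTED  # demo on the constructed sample
    result = check_win_ini(text)
    print("Harrier marker present:", result["harrier_marker"])
    for target in result["load_targets"]:
        print("load= autostart target:", target)
```

Run it with the path to WIN.INI as the only argument. If the marker is present, the file named by "load=" is the overwritten program that the description says should be deleted.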



© 2006-2008 spyware32.com - Privacy Policy