|
|
Nado famil Viruses Information
| Name: |
Nado famil |
| Category: |
Viruses |
| Description:
|
Details
Nado family
It is a very dangerous encrypted virus. It hooks INT 21h and writes itself to the end of EXE files that are executed. The virus has a bug, and may corrupt the files while infecting them. On GetDiskSpace DOS call (AH=36h) the virus creates the APRIL1ST.BAT file and writes the string to there:
@echo April Fool - 1996 - if u run this batch file your HDD will burn!
On SelectDisk DOS call (AH=0Eh) if the disk to set is A:, the virus checks the system time, and if the value of minutes is greater than 54, the virus displays the message:
April 1stall....i will now kill your HardDisk
and tries to create 100 subdirectories with the names like C:9
The virus also contains the text string:
[ APRIL-1 (c) made by TorNado/[DC] in Denmark '96 ]
Nado.CyberBug,Fatill
These are very dangerous encrypted viruses, "Nado.Fatill" is a polymorphic variant. They infect COM files that are executed. On GetDiskSize calls (INT 21h, AH=36h, "Nado.Fatill"), or while installing ("Nado.CyberBug") these viruses create files in the current directory:
"Nado.CyberBug": CYBERBUG.BAT
"Nado.Fatill": FATILL10.BAT
and writes the string into that file by:
echo > clock$
The viruses contain the text strings:
"Nado.CyberBug":
echo > clock
[ CyberBug v. 1.00 ][ made by TorNado DK ]
Cyberbug.bat
"Nado.Fatill":
[ Fatal-Illusion (c) made by TorNado in Denmark '95 ]
[NaE]
echo > clock$
fatill10.bat
On GetDiskSize calls "Nado.CyberBug" depending on the system timer, erases disk sectors.
When some anti-virus scanners (SCAN, F-PROT, VSHIELD, TBAV, and so on) are executed, "Nado.Fatill" deletes them.
Nado.Lover
These are encrypted viruses. They hook INT 21h and infect COM files that are executed. "Lover.531" is a harmless virus, it does not manifest itself in any way.
"Lover.602" is a very dangerous virus. It hooks INT 9 (keyboard), and when the DEL key is pressed, the virus overwrites the boot sector of the current disk with the string:
[Undying Lover v1.01][by WarBlaDE/DC '96]
and reboots the computer.
Nado.Rabin
It is a very dangerous encrypted virus. It infects COM files that are executed, or while writing new file attributes. The virus deletes the ANTI-VIR.DAT file if it exists.
Depending on the system time the virus hooks either INT 9 or INT 26h. The virus checks the system date in INT 26h handler, and on 3rd of any month erases the MBR of the hard drive by direct INT 13h call. The code of virus INT 9 handler overwrites the boot sector of default drive with the string:
[ Yitzhak-Rabin 1.00 (c) made by TorNado in Denmark '96 ]
when DEL key is pressed.
Nado.RedViper
These are dangerous viruses. They infect EXE files that are executed, or while writing new file attributes. The viruses do not manifest themselves, but may corrupt the files while infecting them. The viruses contain the text strings:
"RedViper.584": [ RedViper (c) made by TorNado in Denmark '95 ]
"RedViper.602": [ RedViper 1.5 (c) made by TorNado/[DC] in Denmark '95 ]
Nado.RedZar
It is a harmless encrypted virus, it infects COM and EXE files that are executed. It contains the text:
[ Red-Zar v. 2.00 (c) made by TorNado/DC in Denmark 1996 ] |
Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits
Random Viruses Pages:
Macro.Word97.Tha
Vic Famil
Apo.210
Macro.Access.Wall
Worm.Ha
Demiurg.306
Iron.18
I-Worm.Je
Krsna.761
Storm.116
|
|
