|
|
Andromed Viruses Information
| Name: |
Andromed |
| Category: |
Viruses |
| Description:
|
Details
Andromeda
These are dangerous memory resident parasitic viruses. They hook INT 21h and write themselves to the end of COM (except COMMAND.COM) and EXE files. In some cases they erase the disk sectors. The viruses contain the text strings:
"ANDROMEDA.758": [ANDROMEDA V1.1] BUDAPEST HUNGARY
"ANDROMEDA.800": ANDROMEDA*ICE*BUDAPEST
"ANDROMEDA.1024.a": AXE
"ANDROMEDA.1024.b": ANDROMEDA V3.0 BUDAPEST (Szegedi Imrének:
Ha mi nem lennénk, miböl élnél?)
"ANDROMEDA.1024.c": ANDROMEDA V3.0
"ANDROMEDA.1536.a": ROF OKI OOT CAN AND RBOGEMAND
"ANDROMEDA.1536.b": ROF OKI OOT CAN AND RBO GEM
ANDROMEDA V3.2 HUNGARY
"Plus.1337": ANDROMEDA/plus BUDAPEST 1991
ANDROMEDA.725,758
These viruses write themselves to the end of .COM files. They search for the files to infect them when any program is executed. While infecting, these viruses uses FCB Read/Write functions.
"ANDROMEDA.725" also hooks INT 9. Some time after installation it reboots the computer.
On October, 5th "ANDROMEDA.758" erases the FAT of the A: drive.
ANDROMEDA.800
Depending on the system date it hooks INT 1Ch. Some time after it displays random data and halts the PC.
ANDROMEDA.1024.a
It also hooks INT 09h. On execution of any file this virus searches for the first .EXE file of the current directory and writes itself to the end of the file. Depending on its internal counter this virus reboots the computer.
ANDROMEDA.1536.a,b
Sometimes they also hook INT 9h and some time after that reboot the computer. They contain the code of the disk erasing routine, but that routine never receives the control in "ANDROMEDA.1536.b".
ANDROMEDA.Plus
It also hooks INT 13h and while reading from disk boot sectors and the MBR of the hard drive puts the image of boot virus "Stoned" to the data buffer . As result: 1) Anti-virus scanners detect this virus on disks, but fail to disinfect it, because there is no "Stoned" virus in real. 2) The backup copies will contain infected disk images, and while restoring a disk from backup the virus will be placed to real disk sector. 3) While copying "sector-to-sector" (by DISKCOPY, for example) the virus will infect the destination disk. |
Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits
Random Viruses Pages:
VBS.Rabbit.
LivingDeath.376
Peasant.124
Ass.47
Win32.Porex.
MrTwister Famil
Mws.78
RP.Lazar.
KSV Famil
Bad.38
|
|
