|
|
Sirius Famil Viruses Information
| Name: |
Sirius Famil |
| Category: |
Viruses |
| Description:
|
Details
Sirius Family
These are harmless nonmemory resident parasitic encrypted viruses. They search for .COM files of C: drive and write themselves to the end of the file. They contain the text strings:
"Sirius.400": << Ebbelwoi >> by (?)SRUS 10-93 D-63225
"Sirius.615": <>[EBBELWOI]v34 by(C)SiRiUS 1/94 D-47885 TRAN
"Sirius.640": <>[EBBELWOI]v34 by(C)SiRiUS 1/94 D-47885 VFAC
"Sirius.720": <> EBBELWOI v33m BY (?)SRUS 12-93 D-63225 IAMQVE OPVS
EXEGI QVOD NEC IOVIS IRA NEC IGNIS NEC POTERIT FERRVM NEC
EDAX ABOLERE VETVSTAS
Sirius.975,1070
These are harmless memory resident polymorphic parasitic viruses. They hook INT 21h and write themselves to the end of .COM files that are executed. They contains the text string:
[EBBELWOI] Version QUX-7 3/94 Sirius
Sirius.Alive
These are memory resident polymorphic parasitic viruses. They hook INT 21h and write themselves to the end of COM and EXE files that are accessed. The viruses contain the text strings:
"Sirius.Alive.2200":
<< ALIVE >> BY SiRiUS, Germany, Version 0.03 (?) 1994-Oct
-WAtCh oUt fOr A pOlyMorpHic vErsIoN!-
Generation:
Infections:
Sum:
MyStamp:
ParentStamp:
[SPM] [-----------------]
"Sirius.Alive.2283":
c:dosdoskey.com
<< ALIVE >> BY SiRiUS (?) 1994-SEP, OPENVALLEY/GERMANY
TRoN! 3-Oak-SCHooL! Version 0.01á Adv.Polymorphic/Armed
SIRIUS POLYMORPHIC MODULE
"Sirius.Alive.3400" (the spaces between '=' and ']' may be filled with hexadecimal data):
[ALIVE 3] 1995 by Sirius - Germany
[ID= ]
[PARENT-ID= ]
[GENERATION= ]
[BROTHERS= ]
[SUM= ]
-D-U-VTBF-VISVSSVSSCCLINHMCOWIMS
[SIRIUS POLYMORPHIC MODULE]
"Sirius.Alive.4000" (the digits between the '[' and ']' borders may be filled with any decimal digits):
<=- A·L·I·V·E -=>
Distributed by the Alternative AL and AI Research Lab Germany,1995
FIRST NAME [000000]
LAST NAME [000000]
BIRTHDAY [01-01-95 01:01]
GENERATION [0001]
HEIR [0001]
SUM [0001]
Rewritten by SiRiUS. PrimeCode:***ÖpNV|42$)fJ***
-D-U-VF-TBSSSVVIVSNEVPIMAVCLCOHMINMSSCWI
"Sirius.Alive.2283" is a dangerous virus, it deletes some anti-virus programs. While installing memory resident it infects the C:DOSDOSKEY.COM file. It also hooks INT 1Ch, and sometimes manifests itself with some sound effect.
"Sirius.Alive.3400,4000" do not infect some anti-virus programs, and disable the stealth routines when these programs are executing.
"Sirius.Alive.4000" checks the command line while executing an infected file, and displays the message (such as above) if the command line contains "AL" string. Sirius.Annihilator These are not dangerous nonmemory resident encrypted parasitic viruses. They search for .COM files and write themselves to the end of the file. They contain the text string:
HtTM's Annihilator
Some versions of these viruses contains the strings:
"Annihilator.304,308": [HtTM's Annihilator v2.00]
"Annihilator.314": [HtTM's Annihilator v2.10]
"Annihilator.305": The great Sirius Rip Off Virus!
"Annihilator.357,361,379,383":
Your harddisk has been infected with
[HtTM's Annihilator v1.00]
"Annihilator.390,394,412,416,510,548,711":
Your harddisk has been infected with
[HtTM's Annihilator v2.00 - 10.08.1991]
"Annihilator.453": [HtTM's Annihilator v3.10]
"Annihilator.596":
This file is infected with
Annihilator
by [HtTM] - 10.08.1991/93
"Annihilator.599":
Your harddisk has been infected with
HtTM's Annihilator 3.21 - 10.08.1991/93
"Annihilator.603":
our harddisk has been infected with
[HtTM's Annihilator v3.00 - 10.08.1991/93]
"Annihilator.607,610":
-- Your harddisk has been infected with --
[HtTM's Annihilator v3.10 - 10.08.1991/93]
"Annihilator.673":
-- Your harddisk has been infected with --
[HtTM's Annihilator v3.00 - 10.08.1991/93]
The slightly polymorph COM infector Virus!
"Annihilator.733,739":
Your harddisk has been infected with
[HtTM's Annihilator v2.10 - 10.08.1991]
Some of these viruses display the corresponding string. "Annihilator.711" manifests itself by a sound effect.
"Annihilator.404" displays the message and halts the computer:
You have got the Anti TRON Virus!
Don't support TRON (MrMsNort) in D-17149 Stavenhagen
Sirius.Homunculus
It is a dangerous memory resident polymorphic parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed or opened. The virus does not infect the files with the names that have the strings at the beginning of the file name:
TB??????.*
ST??.*
F-????.*
AV.???
VS???.*
SC??.*
CL???.*
HM?.*
WI?.*
CT??.*
L.*
OR?.*
CO??.*
When any of first six listed above files is executed, the virus deletes it.
Depending on the system timer the virus displays:
[ HOMUNCULUS ] by SiRiUS nov/94 Germany
WARNING:
YOUR SYSTEM HAS BEEN CORRUPTED BY A COMPUTER VIRUS
IF YOU TURN OFF YOUR COMPUTER NOW ALL DATA ON THE HARDDISK WOULD BE LOST
Wait 5 minutes and think
about the young english
virus writers, who were
arrested by the british
police that year.
IF YOU STRIKE ANY KEY BEFORE ALL DATA ON THE HARDDISK WILL BE LOST
and then continues without any harm. The viruses also contain the text strings:
GEN:
BROS:
ANCESTORS:
ID:
PARENT-ID:
[Sirius-Polymorphic-Module] [SPM]
Sirius.Mem
These are dangerous memory resident encrypted parasitic viruses. They hook INT 21h and write themselves to the end of COM files that are executed. Depending on system date they erase the disk sectors, play a tune and display the messages. They contain the text strings:
Greetings to TRON, Sirius and Man on the Moon!
THANX to Dark Angel and PS
and/or:
"Mem.553":
Greetings to TRON, Sirius and Man on the Moon!
[Mem-Annihilator II-*-v1.00-*-1994]
"Mem.1187,1217":
Your harddisk has been infected with
|-----------------------------------------|
> Mem-Annihilator II -*- v1.04 -*- 1994 <
|-----------------------------------------|
Greetings to all virus writers elsewhere!
Serial Number: ELSE-0001
"Mem.1201,1203":
Your harddisk has been infected with
|-----------------------------------------|
> Mem-Annihilator II -*- v1.03 -*- 1994 <
|-----------------------------------------|
Greetings to all virus writers elsewhere!
Serial Number: MA2-0001
Sirius.Spawn
These are harmless nonmemory resident companion viruses. They search for .EXE files and create companion .COM files. The viruses contain the text string:
COM *.EXE
and:
"Spawn.252": Annihilator (SPAWN) is still alive!
"Spawn.255,267": Annihilator (SPAWN v1.01) is still alive!
"Spawn.258": Annihilator (SPAWN v1.00) is still alive!
Sirius.VCS
It is a harmless memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed. The virus contains the text string:
COM-Stealth v1.00 [ANNI-VCS 2.0]
CARO: Annihilator.VCS_2.Stealth.COM -OK- ??? |
Top Viruses Visited Pages:
Invader. - 231 visits
not-a-virus:RiskWare.Tool.RegPatch. - 69 visits
Worm.P2P.Harex. - 63 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 55 visits
Small.58. - 55 visits
Coito.64 - 53 visits
I-Worm.Mapson. - 45 visits
Win32.Hidra - 41 visits
Win16.Klon.1177 - 40 visits
Marine.500 - 34 visits
Random Viruses Pages:
KOH.
HellSpawn.114
Fasolo.14
I-Worm.Scramble
Deathrider.72
Trojan-Dropper.Win32.VB.i
Tip.55
Ultimate.419.
Piter.70
Macro.Word.Ana
|
|
