A letter viruses. Scroll down the page to view or choose from the names below:
A4F-Spoof
Anti
AntiCMOS
AntiExe
AutoStart Worm

A4F-Spoof
Aliases: AOL4FREE
Type: Trojan (can also be a hoax or a real program: see description below)
Systems Affected: PCs
Payload: Yes
ITW: No
Origin:
Description: This is part hoax, part reality. First, there is a Macintosh program named aol4free (note that it does not carry the filename aol4free.com). Second, there is a hoax which stated that aol4free deleted files on users' hard drives. Finally, there is a Trojan by the same name, which has been dubbed A4F-Spoof by the antivirus vendors to avoid confusion. (The assumption is that the hoax was a spin-off of the Mac program, and the Trojan a spin-off of the hoax.) In any event, hoax messages are text email only, whereas any attached executable has the potential to be infected. The Trojan, A4F-Spoof, runs the DOS DELTREE command to delete all files from a user's system.
How to prevent it: Beware of any executable attachments in email, even from known sources. Save and scan all files for malicious content before executing them. As with any Trojan, the method of disinfection is to simply delete the offending file.

Anti
Aliases:
Type: Macintosh application infector
Systems Affected: System 6 Macintoshes running Finder
Payload: No
ITW: Unreported
Origin: France
Description: Infects only applications and not the System file. Due to a bug in the virus, all the Code 1 resource attributes are cleared. This can result in an affected application using memory less effectively. This damage cannot be corrected by disinfection; ideally, affected files should be restored from a clean backup. There are two variants of the Anti virus. Anti.A renders Anti.B inoperable.
What to look for:
How to prevent it: See Macintosh Viruses for further information about Macintosh threats.

AntiCMOS
Aliases: Gaxelle, Lenart, LiXi
Type: Memory resident boot sector virus
Systems Affected: IBM-compatible PCs
Payload: CMOS setup modification (faulty)
ITW: Yes
Origin: Hong Kong
Description:
Common boot sector virus affecting both hard drives and floppy disks. Spread by booting from an infected floppy diskette. Diskettes used in the infected machine will likely become infected as well. Two variants: AntiCMOS.a and AntiCMOS.b.
What to look for:
How to prevent it: Change CMOS settings to boot from the local hard drive rather than a floppy. See Tips for Safety for details on this and other preventative measures.

AntiExe
Aliases: D3, NewBug
Type: Stealth boot sector virus
Systems Affected: IBM-compatible PCs
Payload: Targets a specified .EXE file and prevents it from running
ITW: Yes
Origin:
Description:
Common boot sector virus affecting both hard drives and floppy disks. Spread by booting from an infected floppy diskette. Diskettes used in the infected machine will likely become infected as well. Uses stealth techniques to hide its presence in the boot sector. Tries to thwart standard behavior-blockers by redirecting BIOS disk interrupt 13h to interrupt D3h instead.
What to look for:
How to prevent it: Change CMOS settings to boot from the local hard drive rather than a floppy. See Tips for Safety for details on this and other preventative measures.

AutoStart Worm
Aliases: Hong Kong virus
Type: Macintosh application infector
Systems Affected: PowerPC Macintoshes and compatibles, typically running QuickTime v2.0 with the "Enable CD-ROM AutoPlay" option enabled
Payload: Data destruction occurs with A, B, E, and F variants
ITW: Unreported
Origin: Hong Kong
Description:
As with any worm, the AutoStart worm makes copies of itself rather than infecting other files. AutoStart begins by copying itself to the root directory as an invisible QuickTime AutoStart application. It then copies itself to the Extensions folder. Variants C and D have no malicious payload, and in fact attempt to remove the other variants.
What to look for: Filenames are typically DB, BD, DELDB, Desktop Print Spooler, Desktop Printr Spooler, or DELDesktop Print Spooler. Similarly named files exist which are legitimate, so caution should be exercised when removing these files.
How to prevent it: Disable QuickTime's CD-ROM AutoPlay feature. See Macintosh Viruses for further information about Macintosh threats.

