Jump to content

Sign in to follow this  
Guest

Nasty Virus Alert, Please Read

Recommended Posts

Guest pilotsim7828

Phantom is a memory resident, file infecting virus. It infects .COM files. Although it does not infect COMMAND.COM Upon infection, the Phantom virus becomes memory resident at the top of system memory but below the 640K DOS boundary. Infected systems have interrupts 20 and 21 hooked by the virus. Once memory resident, the Phantom virus infects .COM files as they are executed or opened if the original file length is greater than 2K.Additional Comments:The Phantom virus was isolated in Hungary in January, 1991, by Dr. Szegedi Imre. This virus is a memory resident infector of .COM files, but not COMMAND.COM. The first time a program infected with the Phantom virus is executed, the Phantom virus will install itself memory resident at the top of system memory but below the 640K DOS boundary. Infected systems will have interrupts 20 and 21 hooked by the virus, and the DOS CHKDSK program will report total system and available memory as 2,704 bytes less than expected. After becoming memory resident, the Phantom virus will infect .COM programs as they are executed or opened if the original file length is greater than 2K. Infected programs will increase in size by 2,274 bytes with the virus being located at the end of infected programs. Systems infected with the Phantom virus will experience the following message being displayed intermittently when programs are executed: "HI ROOKIE! I``m a THESEASE! I live in YOUR computer - sorry... Thanks to Brains in the Computer Siences!" This message, as with the following text strings which also occur in the virus's code, cannot be seen in infected programs as they are encrypted. The other text strings which are encrypted in the viral code are: "The PHANTOM Was HERE - SORRY" "© PHANTOM - This virus was designed in the HUNGARIAN virus DEVELOPING LABORATORY. (H.V.D.L.) v1.0" Another symptom of the Phantom virus is that it will occasionally alter the system display so that what should start on the left side of the screen starts in the middle (it is shifted 50% with wrap around on the same line). Top of Page Symptoms The following message is displayed intermittently when files are executed: "HI ROOKIE! I``m a THESEASE! I live in YOUR computer - sorry... Thanks to Brains in the Computer Siences!" This message, as with the following text strings which also occur in the virus's code, cannot be seen in infected files as they are encrypted. The other text strings which are encrypted in the viral code are: "The PHANTOM Was HERE - SORRY""© PHANTOM - This virus was designed in the HUNGARIAN virus DEVELOPING LABORATORY. (H.V.D.L.) v1.0" Another symptom of the Phantom virus is that it occasionally alters the system display so that what should start on the left side of the screen starts in the middle (it is shifted 50% with wrap around on the same line).The DOS CHKDSK program reports total system and available memory as 2,704 bytes less than expected. Infected files increase in size by 2,274 bytes. The virus is located at the end of infected files. Top of Page Method Of Infection The only way to infect a computer with a file infecting virus is to execute an infected file on the computer. The infected file may come from a multitude of sources including: floppy diskettes, downloads through an online service, network, etc. Once the infected file is executed, the virus may activate. Top of Page Removal Instructions All Users:Script,Batch,Macro and non memory-resident:Use current engine and DAT files for detection and removal. PE,Trojan,Internet Worm and memory resident:Use specified engine and DAT files for detection. To remove, boot to MS-DOS mode or use a boot diskette and use the command line scanner:SCANPM /ADL /CLEAN /ALLAdditional Windows ME/XP removal considerationsAVERT recommends to users that they not trust file icons particular when received from others, such as P2P clients, IRC, email or other mediums where users can share files.AVERT Recommended Updates:* Office2000 Updates* Malformed Word Document Could Enable Macro to Run Automatically (Information/Patch) * scriptlet.typelib/Eyedog vulnerability patch * Outlook as an email attachment security update* Exchange 5.5 post SP3 Information Store Patch 5.5.2652.42 - this patch corrects detection issues with GroupShieldFor a list of attachments blocked by the Outlook patch and a general FAQ, visit this link. Additionally, Network Administrators can configure this update using an available tool - visit this link for more information. It is very common for macro viruses to disable options within Office applications for example in Word, the macro protection warning commonly is disabled. After cleaning macro viruses, ensure that your previously set options are again enabled. Top of Page Just to let you know , My Flight instructor Asked Me to help him fix his computer>>>>>This is a VERY NASTY virus,I tried to save his files from the infected disk by trying to install a new hard drive and formatting the new one ,Just to get rid of the memory,Reinstalled Windows on the new HD. IT worked ,NowHere it comes; As we were in Drive C: ( new HDD )And scanning drive D: ( Infected HDD ) with Antivirus methodsit was fine for a while the Anti virus sofware does not work with this type of virus, We saw all of the files in Drive D: ( infected files that is )as we scanned the files they were converted in to file called ;SUCC EDD.ESSThis scared me to death as he had lost everything on that hard drive. How would you recover from this ?REFORMATT AS QUICK AS YOU CAN, DO NOT SAVE ANY FILES, i FELT SO BAD AS WE TRIED TO SAVE THE FILES , but only one thing comes from it >>>>>You lost and the virus WINSJeff Akins

Share this post


Link to post
Share on other sites
Guest

Hellu my frind. I had nasty virus like you say it may cost me lost of moneies for my frind to do it for me as it now is OK.Chears for you JeffyIvor.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...