Threat Encyclopedia

Virus, spyware, worms and other threat descriptions

WM/Navrhar

This is the first multi-partite DOC and VxD infector in the world. After an infected document is opened in MS Word, the virus creates the file C:\RUNME.EXE, which contains the PE dropper of the virus. The dropper is executed and inserts the virus into the VxD drivers in the following list:

eisa.vxd, filesec.vxd, isapnp.vxd, logger.vxd, lpt.vxd, lptenum.vxd, msmouse.vxd, mssp.vxd, nwserver.vxd, mwsp.vxd, paralink.vxd, pci.vxd, serenum.vxd, serial.vxd, spap.vxd, splitter.vxd, unimodem.vxd, vfd.vxd, vgateway.vxd, wsipx.vxd, wsock.vxd

These drivers are chosen so that at least one of them is loaded into memory and activated when the system restarts. Once an infected driver is active, every DOC-format document that is opened is infected, regardless of the program that opens it (the virus does not need Word to infect documents). The virus contains the following texts:

HZDS virus (the word 1st direct VxD infector and the 2nd Word 6/7 infector)
(c) Navrhar (DESIGNer in english), Slovakia
21-oct-97
Diz virus has been written in Banska Bystrica city, Slovakia

A text in hacker script which, after transcription, reads: Welcome to the HZDs virus greetingz area ! GreetingZ: Vyvojar, Ender, Nasty Lamer & Ugly Luser, MGL, Nightmare Joker. Special greetz: author of the Anarchy.6193 (I wanted to be 1st but the honor belongs to you - unfortunately) Many fucks goes to to: HZD$, Vlado M. (Dictator) sponsored by *-Zine (the best VX- ever)

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.