Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Helloween

This is a family of resident COM and EXE infectors having in most cases a graphic effect. The viruses infect files that are executed. They avoid files having characters identical with one of the following strings: SCAN, SHIE, TRAP, VIRU, VCOP, ASTA, ALIK, AZOR, REX, COMM, UEXE, UCOM, VIRT, CLEA, TSAF, NAV., INI., BOOT, 3P.E and F-PRO at the beginning of their name.

Helloween.1880, Helloween.1839
On the 10th and 20th day of a month these variants display the following white text on red background:

Virus napsany specialne pro inzenyra ZAKA ze SPS
*******************
Nepodlehejte panice, mate nakazeno jen par souboru... (c) 1993 II.A 1988 Tak a ted si vyzkousime treba: RESET Kdyby kazdy nespokojeny student napsal virus, tak v nasich skolach by ani jiny software nekoloval a McAfee by se divil...

(Translation: Virus written especially for Mr. ZAK from SPS.
Do not panic you have only a couple of files infected. c) 1993 II.A 1988
So, and now we can try for example: RESET If every unhappy student had written a virus there would have been no other software at our schools and McAfee would have been surprised...)

The variant Helloween.1839 is probably an older variant of the virus and it contains several errors.

Helloween.2470

This version displays the following message on the 5th and 24th day of a month:

- - -
- - Tm

-------- ---- -- -- ¦?¦?¦?¦ zdrojovy
-- -- -- -- -- ¦ ¦ ¦ text:
-- -- -- ---- ¦?¦?¦?¦ 867 radku
-- -------- -- --
-------- -- -- -- -- & spol.

(c) 1993 II.A 1988

Specialne pro ucitele SPS Prostejov: Ing. M. Zaka, Ing. J. Melku, Ing. P. Cizka, Ing. K. Kabrhela Ing. M. Blahu, Ing. M. Pavlovskeho a dalsi vyucujici.
Specialni podekovani patri:
Macrosoftu (sorry Microsoftu) za MeSsy DOS
Borlandu za TASM, TLINK, TD
Zdenku Breitenbacherovi za EDDIE 1.17


(Translation: Especially for teachers at SPS in Prostejov: Ing. M. Zak, Ing. J. Melka, Ing. P. Cizek, Ing. K. Kabrhel Ing. M. Blaha, Ing. M. Pavlovsky and other teachers.
Special thanks go to:
Macrosoft (sorry Microsoftu) for MeSsy DOS
Borland for TASM, TLINK, TD
Zdenek Breitenbacher for EDDIE 1.17)

Hellowen.1376, Helloween.1377, Helloween.1384, Helloween.1401,Helloween.1430, Helloween.1477

On November 1 these variants display the following text on red background:

Nesedte porad u pocitace a zkuste jednou delat neco rozumneho! ******************* !! Poslouchejte HELLOWEEN - nejlepsi metalovou skupinu !!
(Translation: Don’t you sit at the computer all the time! Try to do something reasonable for once! ******** !! Listen to HELLOWEEN – the best metal group)


Helloween.1063, Helloween.1227, Helloween.1228, Helloween.1182, Helloween.1288

These viruses are different from the previous ones, as they control not only the interrupt INT 21H but also interrupt INT 13H support.

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.