Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Mirea

All members of this family are memory-resident COM and EXE infectors. They do not attack files containing an “internal overlay”, and some of them present graphical displays.

Mirea.703

It occasionally creates the file README.!!! containing the Russian text „Pozdravljaem Proforga gruppy A1-94 s 8 marta !“

Mirea.737

Contains simple anti-debugging tricks.

Mirea.925

This is a stealth virus containing an error that makes it keep setting the same time of origin on the files it attacks. Under certain circumstances it may cause a cold start of the system.

Mirea.930

It inserts the string “MIREA” in Cyrillic into the keyboard buffer.

Mirea.944

Starting in February, on the first Monday after the 18th day of the month, after 12 o’clock noon, the virus enciphers the MBR on disk C.

Mirea.950

On November 30th, June 12th and December 31st the virus overwrites the MBR and the boot sector on disk C with random data. The virus contains the Cyrillic text „MGUL. VTB-11. v1.0“.

Mirea.958

It occasionally inserts the string “MIREA-II” in Cyrillic into the keyboard buffer. In addition, the virus body contains the following text:

HELLO HACKERS FROM MIREA

Mirea.1086

After 1000 keystrokes, it enters the text “MIREA” in Cyrillic into the keyboard buffer.

Mirea.1766

A polymorphic virus with anti-heuristic and anti-debugging code. It presents itself in the same way as Mirea.1086. Its body contains the text string:

HELLO HACKERS FROM MIREA

Mirea.1788, Mirea.1800, Mirea.1832

If no key is pressed for 30 minutes, a red frame with text in Cyrillic is displayed on the screen:

Vas privestvuet Licej informacionnych technologij Moskva Lomonosovskij prospekt 16 Telefon 133-20-60

Mirea.1832 displays the text after only six minutes. At the end of the virus body it contains the following text:

Welcome to Lycee of Information Technologies !

Mirea.1888, Mirea.1901, Mirea.1950

If no disk or keyboard operation is performed for 15 minutes, a red window with the following text is displayed:

You are welcome ! Moscow Institute of Radioengeneering, Electronics and Automatisation Moscow Vernadsky Avenue 78 Phone of MIREA: 433-00-66

The text in variants Mirea.1901 and Mirea.1950 is identical but in Cyrillic. There are more variants of the Mirea family of viruses, which differ slightly in manifestation and body length.

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.