x
Webroot Antivirus: The best protection against viruses, spyware data theft and hackers.
Description:
Details
XM
XM.823
These are not dangerous memory resident encrypted parasitic viruses. They hook INT 21h and write themselves to the end of COM and EXE except COMMAND.COM files that are executed, opened, renamed or when file attributes are read or modified. While installing memory resident the viruses with probability 1/8 (depending on the system timer) display the message:
[XyeBo_MHe], (c)Midnigh+Pr0wler
This viruses were posted to Russian local FIDO conferences in June 1998 and then found In-The-Wild.
XM.2379
It is a dangerous memory resident polymorphic parasitic virus, the polymorphic decryption code uses anti-debugging tricks. The virus hooks INT 21h and writes itself to the end of COM and EXE files that are executed. It does not infect the files: OMMAND.COM, DOS4GW.EXE, IBMIO.COM. While installing memory resident the virus also scans the C:\AUTOEXEC.BAT file and tries to infect files listed there.
On opening the SF-MAIL.CFG file the virus appends to it the strings:
[Miscellaneous]
DoorWay_Password 'GLORY'
On opening the T-MAIL.CTL file the virus adds the string:
T-Password GLORY
Under debugger the virus overwrites traced file with the text:
[X&^%$_MHe], (c)Midnigh+Pr0wler -=Version 2.1=-
Bugs fixed! Almost harmlessall
Copyright @2006 x