This page has been brought here purely as a novelty for the visitors
who land on my page.
Neither I nor, of course, Fortunecity take responsibility for what happens to you, or for the
damage you cause through the downloads obtainable here.
Viruses abound, but with the source code this clear and commented as well.....
Well, you know what you are doing. Enjoy it....ALONE!
VXN
Department of Viric Resources
University of Oviedo U.C.G.
University Computing Group

Android
Author: Vecna/29A
Origin: Brazil
Native of: DOS platform
Objects: MBR, boot sectors
Residency: int 13h
Behavior: This virus uses VRBL, the first polymorphic engine specifically designed for boot viruses, written by Vecna. It installs itself at 0/0/3 on hard drives and at 0/1/13 on floppies, thus forcing AVs to change their boot virus detection algorithms, since nowadays no AV product scans any sector other than 0/0/1.

AntiCARO
Author: Mister Sandman/29A
Origin: Spain
Native of: DOS platform
Objects: COM files
Residency: int 21h
Behavior: It is a joke virus meant to protest against the way Vesselin Bontchev and CARO in general name viruses. It modifies AVP by using some undocumented tricks so that this AV will detect VLAD's Bizatch virus as "Bizatch_:P", and not as Boza.

Anti-ETA
Author: GriYo/29A
Origin: Spain
Native of: DOS platform
Objects: COM, EXE files
Residency: int 3, int 21h, int 22h, int 28h
Behavior: It is a polymorphic retro virus with lots of technical features, such as its residency method. The Anti-ETA virus was written in order to protest against the independentist group ETA and their killings and kidnappings. The virus activates every July 10th (the date on which Miguel Angel Blanco was kidnapped) by printing a white hand on the screen, on which "Anti-ETA" can be read.

Apocalyptic
Author: Wintermute/29A
Origin: Spain
Native of: DOS platform
Objects: COM, EXE files
Residency: int 3, int 21h
Behavior: It is a stealth COM and EXE infector which disables TbDriver on every execution and skips F-Prot's stealth detection engine. It has a payload which activates every July 26th by showing a fake filesize (29Ah) for all the files on the hard disk.

AVP-Aids
Author: Tcp/29A
Origin: Spain
Native of: DOS platform
Objects: COM files
Residency: n/a
Behavior: This virus is an attempt to prove that viruses can be written and spread using the APIs provided by AVPRO. It will insert a new viral database into AVP. This database then forces AVP to delete TbScan, Scan and F-Prot when they are scanned, besides making it impossible to detect any virus, which favors the appearance of opportunistic infections by other viruses.

Cabanas
Author: Jacky Qwerty/29A
Origin: Peru
Native of: Win32 platforms
Objects: PE files
Residency: per process
Behavior: It is a very complex resident anti-debugging retro Win32 infector which tries to hit every file when it is accessed by performing per-process API hooking, including GetProcAddress. Besides, Cabanas also uses direct action infection. Disinfecting infected files is almost impossible, as is debugging it under TD32. Cabanas is, undoubtedly, the best Win32 PE infector so far.

CAP
Author: Jacky Qwerty/29A
Origin: Peru
Native of: WinWord platform
Objects: DOC, RTF files
Residency: n/a
Behavior: This is a macro virus which overcomes two of the most important obstacles to the spreading of this kind of virus. First, it is able to work under any version of Word without depending on the language it uses. Second, it avoids the "FileSaveAs" problem and is able to be saved to any path or drive. CAP, dedicated to Carlos Andres Perez (the president of Venezuela), currently ranks 1st as the most widespread virus in the world.

Cri-Cri
Author: GriYo/29A
Origin: Spain
Native of: DOS platform
Objects: COM, EXE, MBR, boot
Residency: int 3, int 13h, int 21h
Behavior: Cri-Cri is a full-stealth polymorphic multipartite infector. It will not infect files that either have the current date or any "V" in their names, nor some AV executables. It activates on June 4th by displaying a message on the screen.

Galicia Kalidade
Author: Leugim San
Origin: Spain
Native of: WinWord platform
Objects: DOC files
Residency: n/a
Behavior: It is an encrypted macro infector which hits documents whenever they are closed. Its payload consists of deleting MSDOS.SYS and IO.SYS when the string "dir a:" is found in any DOC. This virus was the tiniest one in its class for a long time.

GoLLuM
Author: GriYo/29A
Origin: Spain
Native of: DOS, Win 3.1x and Win95 platforms
Objects: EXE files
Residency: V86 int 21h (VxD)
Behavior: This virus is the pioneer in its class, the class of the hybrid DOS/Win infectors. When an infected file is run, it will modify the SYSTEM.INI file in order to be loaded every time Windows is executed. When Windows is loaded again, Gollum will go resident by means of its VxD module, and then it will try to infect EXEs which are run in DOS windows.

Internal Overlay
Author: Tcp/29A
Origin: Spain
Native of: DOS platform
Objects: COM files
Residency: int 21h
Behavior: This virus infects COM and EXE files without any need to modify their header, thus bypassing lots of CRC checking programs. The virus does this by appending an internal overlay to the file it infects and writing an overlay loader at the entry point. It is able, then, to infect EXEs which contain internal overlays.

Jacky
Author: Jacky Qwerty/29A
Origin: Peru
Native of: Win32 platforms
Objects: PE files
Residency: n/a
Behavior: Jacky is the world's first Win32 (Win32s/Win95/WinNT) virus, although most of the media do not consider it so, as they think Cabanas (written by the same author some months later) is. This virus (Jacky), however, is less complex and complete. It is a PE direct action infector which uses the so-called "29A infection technique for Win32", consisting of not assuming any hard-coded value for either KERNEL32 or its APIs.

Lizard
Author: Reptile/29A
Origin: Canada
Native of: DOS, Win95 platforms
Objects: EXE files
Residency: V86 int 21h (VxD)
Behavior: It is a hybrid DOS/Win runtime EXE infector which goes resident under Windows95 by means of its VxD module, which is dropped in the \IOSUBSYS directory, thus being loaded on every boot of Windows without it being necessary to modify SYSTEM.INI. When a DOS window is opened, it will intercept some functions of int 21h in order to hit as many EXEs as possible. It is only 1967 bytes.

Orgasmatron
Author: Vecna/29A
Origin: Brazil
Native of: DOS platform
Objects: boot sectors
Residency: int 1, int 8
Behavior: This is the world's first boot virus which uses 386+ PMODE features and which does not hook int 13h in order to infect. Orgasmatron first checks for a 386+ processor by means of int 6, and if all is ok it will hook int 8 (in order to keep int 1 untouched) and int 1, which will receive control whenever it is called from the DR3 debug breakpoint in order to infect boot sectors.

Prion
Author: Darkman/29A
Origin: Denmark
Native of: Win 3.1x platforms
Objects: NewEXE, DLL files
Residency: n/a
Behavior: It is a direct action NewEXE and DLL cavity infector. When it is executed, it looks in its victims for an area of its own size (313 bytes) of constant data and then overwrites it with its code.

RedCode
Author: Wintermute/29A
Origin: Spain
Native of: DOS platform
Objects: COM files
Residency: int 21h
Behavior: It is a payload-based TSR COM infector. Its payload consists of staging a fight between two CoreWar (the game A.K. Dewdney invented in 1984) warriors in a RedCode arena. The warriors are two people Wintermute does not get along with.

SuckSexee (v4.0)
Author: GriYo/29A
Origin: Spain
Native of: DOS platform
Objects: COM, EXE, SYS, MBR, boot
Residency: int 12h, int 13h, int 1ch, int 21h, int 40h (UMB)
Behavior: SuckSexee, named "Implant" by CARO, is a polymorphic, retro and full-stealth multipartite COM, EXE, SYS, MBR and boot infector, and is one of the most widespread viruses in the world nowadays according to the latest "top tens". SuckSexee uses different poly engines, depending on the file format it is about to infect (it is different for COM/EXE, SYS and MBR/boot). It deletes lots of AV files and bypasses most of the current heuristic engines. It contains a payload which activates every June 4th by displaying a message on the screen.

TheBugger
Author: The Slug
Origin: Spain
Native of: DOS platform
Objects: COM files
Residency: int 1, int 3, int 21h, int 0cdh
Behavior: This is a TSR COM infector whose main peculiarity is that it traces every file it infects and looks for any "call" instruction in it. Depending on a random counter between 2 and 5, it chooses one of those "call" instructions in order to modify it and make it point to the start of the viral code. It also uses a trick to avoid being deceived by resident programs which just return the virus residency value. If such an attempt to fool it is detected, the virus payload will activate. This payload just makes the user think his HD is being formatted.

Torero
Author: Mister Sandman/29A
Origin: Spain
Native of: DOS platform
Objects: COM files
Residency: int 13h, int 21h
Behavior: Torero is a quite curious TSR COM infector which doesn't store the original header of the files it infects in its code, but in the first three bytes of a reserved area of the directory entry of infected files, thus making its removal much more difficult. The virus also uses another interesting feature, as it marks infected files by switching on the unused eighth attribute bit.

Zohra
Author: Wintermute/29A
Origin: Spain
Native of: DOS platform
Objects: COM, EXE files
Residency: int 21h
Behavior: It is a double-encrypted polymorphic retro COM and EXE infector which hooks int 21h in order to become resident by means of the technique which consists of reducing the last MCB segment. This virus uses UUencode encryption for its first layer and poly NME (Necromantic Mutation Engine) for the second one. Zohra also uses another engine of its own, "The Tourniquet Kode Analyzer", to get int 21h tunneled. Its payload activates on April 14th (the date of the 2nd Spanish republic) by displaying a video effect.

Site supported by FORTUNECITY