NATAS VIRUS

Information about the Natas virus:

This is a multipartite DOS virus that infects COM and EXE files under DOS, partition table (MBR) of hard disks and boot sectors of floppy disks. The virus stays in memory when an infected file is executed or when the computer is booted from an infected disk. When the virus is active in the memory, it will be infecting all the EXE and COM files opened or executed and it will be infecting the boot sector of all the floppy disks accessed. The virus infects the partition table of the hard disk the first time it infects the computer. The virus adds 4744, 4746, 4774 or 4988 bytes while infecting the file depending on the perticular variant of this virus. Natas is a stealth virus so it tries to hide its presence.

The virus contains the following text:

"Natas BACK MODEM Time has come to pay (C)1994 NEVER-1

Yes I know my enemies. They're the teachers who taught me to fight me Compromise, conformity, assimilation, submission Ignorance, hypocrisy, brutality, the elite All of whitch are American dreams (C)1994 by Never-1(Belgium Most Hated) Sandrine B. "
Natas has a dangerous payload that gets activated randomly. When the payload is triggered, this virus destroys the data stpred in the hard dislk.

Natas virus first appeared in 1995 and it is in the wild.

Other names of Natas virus:
This worm is also known as Satan, Natas.4744, Natas.4746, Natas.4774 and Natas.4988.

ONE -- HALF VIRUS

Information about the One-half virus:

This is a multipartite DOS virus that infects COM and EXE files under DOS and partition table (MBR) of hard disks. The virus stays in memory when the computer is booted from an infected disk. When the virus is active in the memory, it will be infecting all the EXE and COM files opened or executed in the floppy and network drives. It will not infect files in the hard disk. The virus infects the partition table of the hard disk the first time it infects the computer. The virus adds 3518, 3544 or 3577 bytes while infecting the file depending on the perticular variant of this virus. One-half is a stealth virus so it tries to hide its presence. It also tries not infect some anti-virus programs like SCAN, CLEAN, FINDVIRU, GUARD, NOD, VSAFE and MSAV.

The virus contains the following text:

Dis is one half.
Press any key to continue ...
Did you leave the room ?

One-half virus encrypts the infected hard disk contents. Each time the computer is booted the virus encrypts 2 cylinders of the hard disk from the end. The last encrypted cylinder number and the encryption keys are stored in the partition table of the had disk.When the virus is in memory, it decrypts the data when it is accessed so the user will not notice the encryption taking place. The encrypted data will be lost if the virus is removed from the partition table without decrypting the data first. When Protector Plus detects one-half, it decrypts the data first and then removes the virus.

One-half virus first appeared in 1995 and it is in the wild.

Other names of One-half virus:
This worm is also known as onehalf, free love, dis, onehalf.madjid, onehalf.3518, onehalf.3544, onehalf.3577 and slovak bomber.

DIE -- HARD VIRUS

Information about the Die-hard virus:

This virus infects COM and EXE files under DOS. The virus stays in memory when an infected file is executed. When the virus is active in the memory, it will be infecting all the EXE and COM files opened or executed. The virus adds 4000 bytes while infecting the file. One peculiar characteristic of this virus is that it adds some code to all ASM or PAS source files opened.
Die-hard virus has a payload that triggers on a Tuesday if the date is 3rd, 11th, 15th or 28th. On the trigger day after infecting at least 13 files, Die-hard virus displays S and W characters all over the screen. This display only works if the display mode is switched to graphics.

Die-hard virus first appeared in 1994 and it is in the wild.

Other names of Die-hard virus:
This virus is also known as DH2.