4-days Virus
Virus Name: 4-days
Aliases:
V Status: New
Discovery: July, 1994
Symptoms: .COM & .EXE growth; file date/time changes;
decrease in total system & available free memory
Origin: Unknown
Eff Length: 1,358 - 1,372 Bytes
Type Code: PRhAK - Parasitic Resident .COM & .EXE Infector
Detection Method: F-Prot, IBMAV, AVTK, Sweep, ViruScan, NAV,
NAVDX, VAlert, PCScan,
AVTK/N, Sweep/N, IBMAV/N, NProt, NShld, NAV/N
Removal Instructions: Delete infected files
General Comments:
The 4-days virus was received in July, 1994. Its origin or point of
isolation is unknown. 4-days is a memory resident infector of .COM
and .EXE files, including COMMAND.COM.
When the first 4-days infected program is executed, the 4-days virus
will install itself memory resident at the top of system memory but
below the 640K DOS boundary, without changing the value returned by
interrupt 12. Total
system and available free memory, as indicated by the DOS CHKDSK
program, will have decreased by 1,360 bytes. Interrupt 21 will be
hooked by the virus in memory. Also at this time, the virus will
infect COMMAND.COM if it was not previously infected.
Once the 4-days virus is memory resident, it will infect .COM and
.EXE files when they are executed. Infected programs will have a
file length increase of 1,358 to 1,372 bytes with the virus being
located at the end of the file. The program's date and time in the
DOS disk directory listing will have been updated to the current
system date and time when infection occurred. The following text
strings are visible within the viral code in all infected files:
"COM EXE com exe OVL"
"ALIEN 1.0 written by P.K. on April 93 Good Luck !!!"
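
Added example (not part of the original entry and not code from any of the scanners listed above): a Python check that looks for both text strings in the last 1,372 bytes of .COM and .EXE files, where the entry says the virus is located. It assumes the strings are stored as plain ASCII exactly as printed; the function names and sample files are constructed for illustration.

```python
import os
import tempfile

# Strings the entry reports in all infected files (assumed plain ASCII, as printed).
MARKERS = (b"COM EXE com exe OVL",
           b"ALIEN 1.0 written by P.K. on April 93 Good Luck !!!")
MAX_VIRUS_LEN = 1372  # upper bound of the reported effective length
TARGET_EXTS = {".com", ".exe"}


def tail_has_markers(data: bytes) -> bool:
    """True if every marker occurs in the last MAX_VIRUS_LEN bytes."""
    tail = data[-MAX_VIRUS_LEN:]  # whole buffer when it is shorter
    return all(m in tail for m in MARKERS)


def scan_tree(root: str) -> list:
    """Return sorted names of .COM/.EXE files whose tail holds both markers."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TARGET_EXTS:
                continue
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    size = fh.seek(0, os.SEEK_END)
                    fh.seek(max(0, size - MAX_VIRUS_LEN))
                    tail = fh.read()
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            if tail_has_markers(tail):
                hits.append(name)
    return sorted(hits)


def demo() -> list:
    """Scan constructed sample files; none of them contains viral code."""
    pad = b"\x00" * 4000
    samples = {
        "CLEAN.COM": pad,
        "TAGGED.EXE": pad + MARKERS[0] + b"\x00" * 200 + MARKERS[1],
        "HEAD.COM": MARKERS[0] + MARKERS[1] + pad,  # markers outside the tail
        "NOTES.TXT": pad + MARKERS[0] + MARKERS[1],  # not a target extension
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan_tree(root)
```

A match on both strings is only an indicator that a file should be examined with one of the scanners listed under Detection Method; it is not proof of infection.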