Orchid Virus
Virus Name: Orchid
Aliases: Orchid.120
V Status: Viron
Discovered: July, 1995
Symptoms: .COM file corruption; file date/time changes; program corruption
Origin: Unknown
Eff Length: 120 Bytes (Overwriting)
Type Code: ONCK - Overwriting Non-Resident .COM Infector
Detection Method: F-Prot, AVTK, VAlert, ViruScan, Sweep, NAV, NAVDX, IBMAV, PCScan, ChAV, AVTK/N, Sweep/N, NShld, NAV/N, IBMAV/N, NProt, Innoc 4.0+
Removal Instructions: Delete infected files
General Comments:
The Orchid virus was received in July, 1995. It is a non-resident,
direct action overwriting virus which infects the first .COM file
located in the current directory.
When a program infected with the Orchid virus is executed, this
virus will infect the first .COM file in the current directory by
overwriting the first 120 bytes of the host program. If COMMAND.COM
is the first .COM file in the directory, it will become infected
by the virus. Because this is an overwriting virus, it permanently
corrupts any program it infects: the first 120 bytes are not saved
by the virus. The file's date and time in the DOS disk directory
listing will have been updated to the system date and time at which
the last infection of the file occurred. The following text
string can be found starting in the sixth byte of all infected files:
"EŭGD"
Infected programs cannot be disinfected, and must be replaced with
uninfected backup copies.