Overdoze Virus


 Virus Name:  Overdoze 
 Aliases:     Overdoze.470 
 V Status:    New 
 Discovered:  July, 1995 
 Symptoms:    .COM file growth; file date/time seconds = "02"; 
              some .COM/.EXE may appear smaller in DOS directory listing; 
              decrease in available memory 
 Origin:      Unknown 
 Eff Length:  470 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method: F-Prot, AVTK, VAlert, Sweep, NAV, NAVDX, IBMAV, 
                   ViruScan, PCScan, ChAV, 
                   NShld, NAV/N, Sweep/N, IBMAV/N, AVTK/N, NProt, Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Overdoze or Overdoze.470 virus was received in July, 1995, 
       along with one variant, Overdoze.472.  Their origin or point of 
       isolation is unknown.  Overdoze is a memory resident infector of 
       .COM files, including COMMAND.COM. 
 
       When the first Overdoze infected program is executed, this virus 
       will install itself memory resident at the top of system memory 
       but below the 640K DOS boundary, not moving interrupt 12's return. 
       Available free memory, as indicated by the DOS CHKDSK program from 
       DOS 5.0, will have decreased by 496 bytes.  Interrupt 21 will be 
       hooked by the virus in memory. 
 
       Once the Overdoze virus is memory resident, it will infect .COM 
       files, including COMMAND.COM, when they are executed.  Infected 
       files will have a file length increase of 470 bytes, though this 
       file length increase will be hidden when the virus is resident 
       in memory.  The virus will be located at the end of the file.  The 
       file's date and time in the DOS disk directory listing will not 
       appear to be altered, though the seconds field will have been set 
       to "02", the infection marker for the virus.  The following text 
       string is visible within the viral code in all infected files: 
 
           "[Overdoze] (c) 1994 The Unforgiven/Immortal Riot" 
 
       The Overdoze virus hides the file length increase on infected files 
       by decreasing the file length shown in a DOS directory listing by 
       470 bytes for any file whoms file date/time seconds = "02".  As a 
       result, some uninfected files with a file date/time seconds field of 
       "02" will appear to be smaller than they actually are. 
 
       Known variant(s) of Overdoze are: 
       Overdoze.472: Also received in July, 1995, this is a 472 byte 
           variant.  It is functionally similar to the Overdoze virus 
           described above and contains the same text string. 
           Origin:  Unknown  July, 1995.

Show viruses from discovered during that infect .

Main Page