Particle Man Virus
Virus Name: Particle Man
Aliases:
V Status: Rare
Discovered: September, 1992
Symptoms: .COM file growth; overwrites C:\AUTOEXEC.BAT & C:\CONFIG.SYS
Origin: New Mexico, United States
Eff Length: 690 Bytes
Type Code: PNCK - Parasitic Non-Resident .COM Infector
Detection Method: ViruScan, F-Prot, IBMAV, Sweep, AVTK, VAlert, NAV,
NAVDX, PCScan, ChAV, NShld, Sweep/N, NProt, AVTK/N, IBMAV/N, Innoc,
NAV/N, Innoc 4.0+
Removal Instructions: Delete infected files
General Comments:
The Particle Man virus was discovered in the State of New Mexico in
the United States in September, 1992. Particle Man is a non-resident,
direct action infector of .COM programs, including COMMAND.COM.

When a program infected with the Particle Man virus is executed,
the virus infects all .COM programs located in the current
directory and overwrites the AUTOEXEC.BAT and CONFIG.SYS files.
Infected programs have a file length increase of 690 bytes, with
the virus located at the end of the file. The file's date and time
in the DOS disk directory listing are not changed. The following
text strings are encrypted within the virus and are not visible
in infected .COM programs:
"Particle man, particle man
Doing the things a particle can
What's he like? It's not important
Particle man Is he a dot, or is he a speck?
When he's underwater does he get wet?
Or does the water get him instead?
Nobody knows, Particle man
(c) Copyright Drizzt Do'Urden '92"
"*.COM *.* ..
Particle Man doesn't appear to do anything besides replicate,
though its overwriting of the AUTOEXEC.BAT and CONFIG.SYS files
will result in system boot problems.
Known variant(s) of Particle Man are:
Particle Man 2: Functionally equivalent to the original virus,
this is a minor variant.
Origin: New Mexico, United States, September, 1992.