Pascal-5220 Virus


 Virus Name:  Pascal-5220 
 Aliases:     Pas-5220, Reboot Patcher 
 V Status:    Viron 
 Discovered:  August, 1992 
 Symptoms:    .COM & .EXE files corrupted/overwritten; 
              unexpected system reboots; seconds in file time = "00" 
 Origin:      USSR 
 Eff Length:  5,220 Bytes 
 Type Code:   ONAK - Overwriting Non-Resident .COM & .EXE Infector 
 Detection Method:  F-Prot, ViruScan, Sweep, AVTK, ChAV, 
                    IBMAV, NAV, NAVDX, VAlert, PCScan, 
                    NShld, Sweep/N, Innoc, AVTK/N, NAV/N, NProt, IBMAV/N, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Pascal-5220 or Reboot Patcher virus was received in August, 
       1992.  This virus is a non-resident overwriting virus which 
       infects or trojanizes .COM and .EXE programs. 
 
       When a program infected with Pascal-5220 is executed, this virus 
       will access the B: and C: drives, trojanizing all .COM programs 
       by overwriting the beginning of the file with code to reboot 
       the system when executed.  The virus will then infect several 
       .COM & .EXE programs in the current directory by overwriting the 
       first 5,220 bytes of the program with the viral code.  There will be 
       no change to the length of infected programs.  The seconds field of 
       the file time in the DOS disk directory will be set to "00".  The 
       following text strings can be found within the viral code in 
       infected programs: 
 
               "*.com" 
               "*.exe" 
               "*.zip" 
               "*.arc" 
               "05520" 
               "CJu" 
 
       Systems infected with Pascal-5220 will experience frequent system 
       reboots, and may notice that the time has disappeared from the 
       DOS disk directory on some programs. 
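
The indicators above can be combined into one triage check. The sketch below is an added example, not part of the original entry or any scanner named in it. It assumes the standard 32-byte FAT directory entry layout and exact-case string matching; the function names and sample data are constructed for illustration.

```python
import struct

VIRUS_LEN = 5220  # effective length given in the entry
MARKERS = (b"*.com", b"*.exe", b"*.zip", b"*.arc", b"05520", b"CJu")

def dos_seconds(time_word):
    """Bits 0-4 of a DOS time word store seconds/2."""
    return (time_word & 0x1F) * 2

def parse_dir_entry(entry):
    """Pull name, extension, time word and size out of a 32-byte FAT entry."""
    name, ext, _attr, _rsv, time_word, _date, _clus, size = struct.unpack(
        "<8s3sB10sHHHI", entry)
    return name.decode("ascii").rstrip(), ext.decode("ascii").rstrip(), time_word, size

def triage(entry, content):
    """Combine the entry's indicators; any one alone is weak evidence."""
    name, ext, time_word, _size = parse_dir_entry(entry)
    head = content[:VIRUS_LEN]          # only the overwritten region matters
    hits = [m.decode() for m in MARKERS if m in head]
    zero = dos_seconds(time_word) == 0  # also true for about 1 in 30 clean files
    return {"file": f"{name}.{ext}", "seconds_zero": zero, "markers": hits,
            "suspect": ext in ("COM", "EXE") and zero and len(hits) == len(MARKERS)}

def make_entry(name, ext, h, m, s, size):
    """Build a constructed directory entry for the samples below."""
    word = (h << 11) | (m << 5) | (s // 2)
    return struct.pack("<8s3sB10sHHHI", name.ljust(8).encode(), ext.encode(),
                       0x20, b"\0" * 10, word, 0, 2, size)

# Constructed samples: filler bytes with the listed strings, not viral code.
flagged_body = (b"\x90" * 100 + b"".join(m + b"\0" for m in MARKERS)).ljust(6000, b"\x90")
clean_body = b"\x90" * 5300 + b"*.com\0" + b"\x90" * 694
SAMPLES = [(make_entry("GAME", "EXE", 12, 30, 0, 6000), flagged_body),
           (make_entry("EDIT", "COM", 9, 15, 14, 6000), clean_body)]

if __name__ == "__main__":
    for entry, body in SAMPLES:
        print(triage(entry, body))
```

A hit here only marks a file for closer inspection with one of the scanners listed above; it is not a signature match.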
