Peste Virus


 Virus Name:  Peste 
 Aliases:     Peste.2753 
 V Status:    New 
 Discovered:  May, 1996 
 Symptoms:    .COM & .EXE growth; 
              decrease in available free memory 
 Origin:      Unknown 
 Eff Length:  2,753 - 2,769 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  AVTK, IBMAV, ViruScan, NAV, NAVDX, 
                    AVTK/N, IBMAV/N, NShld, NAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Peste virus was received in May, 1996.  Its origin or point of 
       isolation is unknown.  Peste is a memory resident encrypted virus 
       which infects .COM and .EXE files, including COMMAND.COM. 
 
       When the first Peste infected program is executed, this virus will 
       install itself memory resident at the top of system memory but below 
       the 640K DOS boundary, not moving interrupt 12's return.  Available 
       free memory, as indicated by the DOS CHKDSK program from DOS 5.0, 
       will have decreased by 2,752 bytes.  Interrupts 21 and 04 will be 
       hooked by the virus in memory, though they will not point to the 
       area in memory occupied by the virus. 
 
       Once the Peste virus is memory resident, it will infect .COM and 
       .EXE files, including COMMAND.COM, when they are executed.  Infected 
       programs will have a file length increase of 2,753 to 2,769 bytes 
       with the virus being located at the end of the file.  The program's 
       date and time in the DOS disk directory listing will not be altered. 
       The following text strings are encrypted within the viral code: 
 
           "Pest (c) 12/10/93 by (and best wishes from) PRIEST Int., 
            Gbw/Germany" 
           "ASCECLHVSPF-ACPRVINWI" 
 
       It is unknown what the Peste virus may do besides replicate.

Show viruses from discovered during that infect .

Main Page