Pinky Virus


 Virus Name:  Pinky 
 Aliases:     Pinky Ghost 
 V Status:    Rare 
 Discovery:   September, 1993 
 Symptoms:    .COM files created; Cursor may disappear; 
              Programs may fail to function properly; 
              interrupts 01 and 03 hooked in available free memory 
 Origin:      Unknown 
 Eff Length:  952 Bytes 
 Type Code:   PSaE - Spawning Resident .EXE Infector 
 Detection Method:  F-Prot, ViruScan, Sweep, AVTK, IBMAV, PCScan, 
                    NAV, NAVDX, VAlert, ChAV, 
                    NShld, Sweep/N, AVTK/N, NProt, IBMAV/N, NAV/N, LProt, 
                    Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Pinky, or Pinky Ghost, virus was submitted in September, 1993, 
       and is one of three related viruses which all have names of 
       characters from the popular Pac-Man video game.  Pinky is a memory 
       resident, spawning or companion virus which infects .EXE files by 
       creating corresponding .COM files. 
 
       When the first Pinky infected program is executed, the virus will 
       install a portion of itself memory resident in available free memory, 
       hooking interrupts 01 and 03.  This is an attempt by the virus to 
       avoid having debugger programs used against it.  The virus then goes 
       on to infect programs as indicated below. 
      
       When a program infected with the Pinky virus is executed, this 
       virus will infect three or more .EXE programs located in the current 
       directory by creating a .COM file with the same base file name.  These 
       corresponding or companion files will be 952 bytes in length, and have 
       the Read Only attribute set.  The companion file's date and time in 
       the DOS disk directory listing will match the .EXE file.  The 
       following text strings are visible within the viral code in all of the 
       Pinky companion files: 
 
               "[Pinky Ghost]" 
               "*.EXE" 
               ".COM" 
               ".EXE" 
               "The Pac-Man PINKY Ghost is watching." 
               "(Can you find Inky?)" 
 
       It is unknown what Pinky may do besides replicate. 
 
       Known variant(s) of Pinky are: 
       Pinky.Clyde: A 5,120 byte variant of Pinky, Pinky.Clyde infects 
            one .EXE program in the current directory each time an infected 
            program is executed.  The host program will copy the host program 
            with the same base file name and a file extension of .PAC, the 
            file attributes will be set to Read-Only and Hidden.  The virus 
            then overwrites the first 5,120 bytes of the host file.  Programs 
            which were originally larger than 65,535 bytes will become 65,535 
            bytes in length.  The program's date and time in the DOS disk 
            directory listing will not be altered.  The following text 
            strings are encrypted within the viral code: 
            "[Clyde Ghost]" 
            "*.EXE" 
            "!@-!@-!@.COM !.!" 
            "The Pac-Man CLYDE Ghost is watching.." 
            "(are we getting irritating?)" 
            Some infected .EXE programs, when executed, will return the user 
            to the DOS prompt with the following message: 
            "Program too big to fit in memory" 
            Origin:  Unknown  July, 1994. 
 
       See:   Blinky   Inky

Show viruses from discovered during that infect .

Main Page