Andromeda 1.0 Virus


 Virus Name:  Andromeda 1.0 
 Aliases:     Andromeda.1140 
 V Status:    Rare 
 Discovery:   June, 1993 
 Symptoms:    .COM file growth; interfers with some anti-viral programs 
 Origin:      Hungary 
 Eff Length:  1,140 Bytes 
 Type Code:   PNC - Parasitic Non-Resident .COM Infector 
 Detection Method:  ViruScan, AVTK, F-Prot, Sweep, IBMAV, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, AVTK/N, Sweep/N, NProt, IBMAV/N, NAV/N, Innoc, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Andromeda 1.0 virus was received from Hungary in June, 1993. 
       Andromeda 1.0 is a non-resident, direct action infector of .COM 
       programs, but not COMMAND.COM.  A later version of this virus, 
       Andromeda 1.1, is listed separately as it has different basic 
       characteristics. 
 
       When a program infected with the Andromeda 1.0 virus is executed, 
       the Andromeda 1.0 virus will infect two .COM programs located in 
       the current directory.  Infected programs will have a file length 
       increase of 1,140 bytes with the virus being located at the 
       beginning of the file.  The program's date and time in the DOS 
       disk directory listing will not be altered.  The following text 
       strings are encrypted within the Andromeda 1.0 viral code, and 
       are thus not visible within infected programs: 
 
               "-= The Andromeda Strain >-  Version 1.00" 
               "By : Crypt Keeper" 
               "Mission Complete...  Have fun with your virus(es)" 
               "\ANDROM.SEC *.COM" 
               "RUNME.COM COMMAND.COM SCAN.EXE CLEAN.EXE NAV.EXE 
                NAV_._NO" 
 
       Andromeda 1.0 may interfer with the functioning of some of the 
       above programs if they are located on non-write protected 
       diskettes. 
 
       See:   Andromeda 1.1

Show viruses from discovered during that infect .

Main Page