Platov Virus

Virus Name: Platov Aliases: V Status: New Discovered: January, 1995 Symptoms: .COM file growth; file date/time seconds = "26"; system hangs; decrease in available free memory (DOS 5.0) Origin: Unknown Eff Length: 1,644 Bytes Type Code: PRhC - Parasitic Resident .COM Infector Detection Method: F-Prot, AVTK, IBMAV, ViruScan, Sweep, NAV, NAVDX, VAlert, ChAV, AVTK/N, IBMAV/N, NShld, Sweep/N, NProt, NAV/N, Innoc 4.0+ Removal Instructions: Delete infected files General Comments: The Platov virus was received in January, 1995. Its origin or point of isolation is unknown. Platov is a memory resident infector of .COM files, but not COMMAND.COM. System hangs may frequently occur on infected systems when programs or batch files are executed. When the first Platov infected program is executed, this virus will install itself memory resident at the top of system memory but below the 640K DOS boundary, not moving interrupt 12's return. Total available free memory, as indicated by the DOS CHKDSK program from DOS 5.0, will have decreased by approximately 32,752 bytes. Interrupts 09, 17, and 21 will be hooked by the virus in memory. Once the Platov virus is memory resident, it will infect .COM files, other than COMMAND.COM, when they are executed. This virus may also infect a .COM file in the current directory when an infected program is executed if the virus has previously become memory resident. Infected .COM files will have a file length increase of 1,644 bytes with the virus being located at the end of the file. The following text strings are encrypted within the viral code: "Access Denied Software presents The PC Virus" "Programmed by Andrey Platov" "gamesantCOMMAND*.COM"