Poison Virus


 Virus Name:  Poison 
 Aliases:     Poison 1 
 V Status:    Rare 
 Discovered:  May, 1993 
 Symptoms:    .COM & .EXE growth; 
              decrease in total system & available free memory 
 Origin:      Mexico 
 Eff Length:  2,416 - 2,436 Bytes 
 Type Code:   PRhA - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, Sweep, AVTK, F-Prot, VAlert, IBMAV, ChAV, 
                    NAV, NAVDX, PCScan, 
                    NShld, Sweep/N, AVTK/N, IBMAV/N, NAV/N, Innoc 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Poison, or Poison 1, virus was isolated in Mexico in May, 1993. 
       Poison is a memory resident infector of .COM and .EXE programs. 
       While Poison doesn't infect COMMAND.COM, a later version (Poison 2) 
       does infect COMMAND.COM.  The Poison virus is a highly modified 
       version of the Jerusalem and Moctezumas Revenge viruses. 
 
       When the first Poison infected program is executed, the Poison 
       virus will install itself memory resident at the top of system 
       memory but below the 640K DOS boundary, hooking interrupts 08, 13, 
       and 21.  Total system and available free memory, as indicated by the 
       DOS CHKDSK program, will have decreased by 2,432 bytes.  Interrupt 
       12's return will not be moved. 
 
       Once the Poison virus is memory resident, it will infect .COM and 
       .EXE programs, other than COMMAND.COM, when they are executed. 
       Infected .COM programs will have a file length increase of 2,416 
       bytes with the virus being located at the beginning of the file. 
       .EXE programs increase in size by 2,416 to 2,436 bytes with the 
       virus being located at the end of the file.  The program's date and 
       time in the DOS disk directory listing will not be altered.  The 
       following text string is encrypted within the Poison viral code: 
 
               "Mon 5-1" 
 
       It is unknown what Poison does besides replicate. 
 
       Known variant(s) of Poison are: 
       Poison 2: Isolated in Mexico in June, 1993, Poison 2 is a minor 
                 variant of Poison.  The basic difference is that this 
                 variant will also infect COMMAND.COM.  The text string 
                 encrypted within the virus has been changed to: 
                 "Wed 6-0" 
                 Origin:  Mexico  June, 1993. 
       Poison 3: Isolated in Mexico in June, 1993, Poison 3 is a minor 
                 variant of Poison.  Like Poison 2, this variant will also 
                 infect COMMAND.COM.  The text string encrypted within the 
                 virus has been changed to: 
                 "Fri 6-1" 
                 Origin:  Mexico  June, 1993. 
 
       See:   Jerusalem   Moctezumas Revenge

Show viruses from discovered during that infect .

Main Page