Polifemo Virus

Virus Name: Polifemo Aliases: Polifemo.906 V Status: Rare Discovered: July, 1994 Symptoms: .COM file growth; file date/time changes Origin: Unknown Eff Length: 906 Bytes Type Code: PNCK - Parasitic Non-Resident .COM Infector Detection Method: F-Prot, AVTK, IBMAV, ViruScan, Sweep, NAV, NAVDX, VAlert, PCScan, ChAV, Sweep/N, IBMAV/N, AVTK/N, NShld, NProt, NAV/N, LProt, Innoc 4.0+ Removal Instructions: Delete infected files General Comments: The Polifemo virus was received in July, 1994. Its origin or point of isolation is unknown. Polifemo is a non-resident, direct action infector of .COM programs, including COMMAND.COM. When a program infected with the Polifemo virus is executed, this virus will infect two .COM programs located in the current directory. Programs infected with the Polifemo virus will have a file length increase of 906 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will have been updated to the current system date and time when the infection occurred. The following text string is visible within the viral code in all Polifemo infected programs: "**** Polifemo ****" Known variant(s) of Polifemo are: Polifemo.736: Received in July, 1995, this is a 736 byte variant of the Polifemo virus described above. Like the original virus, it infects two .COM files in the current directory when an infected program is executed. Infected programs will have a file length increase of 736 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will not be altered. The text string from the original virus also occurs in this variant. Origin: Unknown July, 1995.