Polish 217 Virus

Virus Name: Polish 217 Aliases: 217, Polish Stupid, V217 V Status: Rare Discovered: October, 1990 Symptoms: .COM growth; system reboot Origin: Koszalin, Poland Eff Length: 217 Bytes Type Code: PNCK - Parasitic Non-Resident .COM Infector Detection Method: ViruScan, AVTK, F-Prot, NAV, Sweep, IBMAV, NAVDX, VAlert, PCScan, ChAV, NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N Removal Instructions: Delete infected files General Comments: The Polish 217, or Polish Stupid, virus was discovered in Koszalin, Poland, in October, 1990. This virus is a non-resident infector of .COM files, including COMMAND.COM. When a program infected with the Polish Stupid virus is executed, the virus will infect the first uninfected .COM file found in the current directory. Infected .COM files will increase in length by 217 bytes with the virus's code being located at the end of the file. Infected files will also end with the hex string 5757h. The file's date and time in the disk directory is not altered. A side note on this virus: when the copy of COMMAND.COM pointed to by the COMSPEC environmental variable is infected by the virus, the system will experience a warm reboot. This virus does nothing besides replicating in its current version. Known variant(s) of Polish 217 are: Polish 217 B: The Polish 217 B variant's major difference is that when COMMAND.COM is infected, a warm reboot does not occur. Execution of COMMAND.COM will result in the error message: "Specified COMMAND search directory bad". Execution of infected programs may also result in the following message being displayed and the program terminated: "????????COM Path not found." Programs which can detect Polish 217 may not be able to detect Polish 217 B as it has been altered. Scan V72 and below will not detect it. Polish 217 C: The Polish 217 C variant is very similar to the Polish 217 B variant. It has had 14 bytes altered in order to avoid detection by some anti-viral products.