Porridge Virus


 Virus Name:  Porridge 
 Aliases:    
 V Status:    Rare 
 Discovered:  June, 1993 
 Symptoms:    .COM file growth; file date/time changes; .COM files disappear 
 Origin:      Unknown 
 Eff Length:  1,384 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  F-Prot, AVTK, IBMAV, Sweep, ViruScan, 
                    NAV, NAVDX, VAlert, ChAV, 
                    AVTK/N, NShld, Sweep/N, IBMAV/N, Innoc, NAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Porridge virus was submitted in June, 1993.  Its origin is 
       unknown.  Porridge is a non-resident, direct action infector of 
       .COM files, including COMMAND.COM.  It hides the .COM programs it 
       infects. 
 
       When a program infected with Porridge is executed, the virus will 
       infect one .COM file located in the current directory.  Infected 
       programs have a file length increase of 1,384 bytes, unless they 
       were originally smaller than 1,384 bytes.  In the case of files 
       which were originally smaller than 1,384 bytes, they will become 
       2,768 bytes in length after infection.  The virus will be located 
       at the beginning of the infected file.  The program's date and time 
       in the DOS disk directory listing will have been updated to the 
       current system date and time when infection occurred.  Additionally, 
       this virus sets the Hidden attribute on files it infects, so files 
       infected with Porridge will disappear from the DOS directory listing. 
 
       The following text strings can be found within the viral code in all 
       Porridge infected programs: 
 
               "Error" 
               "????????COM" 
               "*.com"

Show viruses from discovered during that infect .

Main Page