Problem Virus


 Virus Name:  Problem 
 Aliases:     Problem-856 
 V Status:    Rare 
 Discovery:   October, 1992 
 Symptoms:    .COM & .EXE program growth; decrease in total system & 
              available free memory 
 Origin:      USSR 
 Eff Length:  856 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  AVTK, ViruScan, Sweep, IBMAV, F-Prot, VAlert, 
                    NAV, NAVDX, PCScan, ChAV, 
                    NShld, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Problem virus was received in October, 1992.  It is from the 
       USSR.  Problem is a memory resident infector of .COM and .EXE 
       programs, including COMMAND.COM. 
 
       When the first Problem infected program is executed, the Problem 
       virus will install itself memory resident at the top of system 
       memory but below the 640K DOS boundary.  Total system and 
       available free memory, as indicated by the DOS CHKDSK program, 
       will have decreased by 1,008 bytes.  Interrupt 21 will be hooked 
       by the virus.  Also at this time, COMMAND.COM will become 
       infected if it was not previously infected by the virus. 
 
       Once memory resident, the Problem virus will infect .COM and .EXE 
       programs when they are executed, copied, or opened for any reason. 
       Infected programs will have a file length increase of 856 bytes 
       with the virus being located at the end of the file.  The file's 
       date and time in the DOS disk directory listing will not be 
       altered.  The following text string can be found within the viral 
       code in all Problem infected programs: 
 
               "THIS IS YOUR PROBLEM !" 
 
       Execution of some anti-viral programs will hang when the Problem 
       virus is memory resident. 
 
       Known variant(s) of Problem are: 
       Problem-734: An earlier version of the Problem virus, this 
                    variant's size in memory is 896 bytes, also hooking 
                    interrupt 21.  It adds 734 bytes to the .EXE programs 
                    it infects, and does not contain any text strings. 
                    Unlike the Problem virus, it does not infect .COM files. 
                    The virus will be located at the end of the infected 
                    file, and the program's date and time in the DOS disk 
                    directory listing will not be altered. 
                    Origin:  USSR  December, 1992. 
       Problem.845: Received in July, 1995, this is an 845 byte variant 
                    of the Problem virus described above.  Its size in 
                    memory is approximately 864 byte, hooking interrupt 21. 
                    This variant will sometimes reinfect memory, so it could 
                    occupy a larger amount of memory than indicated above. 
                    It adds 845 bytes to the .COM and .EXE programs it 
                    infects, and contains the following text string: 
                    "dATA kILLER !" 
                    Origin:  Unknown  July, 1995. 
       Problem-863: A 863 byte variant of the Problem virus, this 
                    variant's size in memory is 1,024 bytes, also hooking 
                    interrupt 21.  It adds 863 bytes to the .COM and 
                    .EXE programs it infects, and contains the same text 
                    string.  The system hangs which sometimes occur 
                    executing the anti-viral programs with the original 
                    virus in memory do not occur with this variant. 
                    Origin:  USSR  October, 1992.

Show viruses from discovered during that infect .

Main Page