Annihilator Virus


 Virus Name:  Annihilator 
 Aliases:     Annihilator.272 
 V Status:    New 
 Discovery:   July, 1995 
 Symptoms:    .COM file growth; file date/time seconds = "12" 
 Origin:      Unknown 
 Eff Length:  272 Bytes 
 Type Code:   PNC - Parasitic Non-Resident .COM Infector 
 Detection Method: F-Prot, AVTK, VAlert, Sweep, NAV, 
                   NAVDX, ViruScan, IBMAV, ChAV, PCScan, 
                   Sweep/N, AVTK/N, NShld, IBMAV/N, NAV/N, Innoc 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Annihilator or Annihilator.272 virus was received in July, 1995, 
       along with six variants.  Its origin or point of isolation is 
       unknown.  Annihilator is a non-resident, direct action infector of 
       .COM files, but not COMMAND.COM.  It also does not infect very 
       small .COM files. 
 
       When a program infected with the Annihilator virus is executed, this 
       virus will infect one .COM file located in the current directory. 
       Programs infected with the Annihilator virus will have a file length 
       increase of 272 bytes with the virus being located at the end of the 
       file.  The program's date and time in the DOS disk directory listing 
       will not appear to be altered, though the seconds field will have 
       been set to "12".  The following text string is encrypted within the 
       viral code: 
 
           "*.com HtTM's Annihilator" 
 
       It is unknown what the Annihilator virus does besides replicate. 
 
       Known variant(s) of Annihilator are: 
       Annihilator.272.B: Received in January, 1996, Annihilator.272.B 
           is a 272 byte variant of the Annihilator virus described above. 
           Like the original, it infects one .COM file in the current 
           directory when an infected program is executed, increasing the 
           program's length by 272 bytes.  The virus will be located at the 
           end of the file.  The file date/time seconds field will have been 
           set to "12".  It contains the same encrypted text string as the 
           original virus. 
           Origin:  Unknown  January, 1996. 
       Annihilator.276: Received in January, 1996, Annihilator.276 is 
           a 276 byte variant of the Annihilator virus described above.  It 
           adds 276 bytes to the .COM programs it infects.  The virus will 
           be located at the end of the host program.  The file's date and 
           time in the DOS disk directory listing will not appear be 
           altered, though the seconds field will have been set to "12". 
           The following text string is encrypted within the viral code: 
           "*.com HtTM's Annihilator" 
           Origin:  Unknown  January, 1996. 
       Annihilator.280: Received in January, 1996, Annihilator.280 is 
           a 280 byte variant of the Annihilator virus described above.  It 
           adds 280 bytes to the .COM programs it infects.  The virus will 
           be located at the end of the host program.  The file's date and 
           time in the DOS disk directory listing will not appear be 
           altered, though the seconds field will have been set to "12". 
           The following text string is encrypted within the viral code: 
           "*.com HtTM's Annihilator (SMALL)" 
           Origin:  Unknown  January, 1996. 
       Annihilator.298: Received in January, 1996, Annihilator.298 is 
           a 298 byte variant of the Annihilator virus described above.  It 
           adds 298 bytes to the .COM programs it infects in the C: drive 
           root directory.  The virus will be located at the end of the host 
           program.  The file's date and time in the DOS disk directory 
           listing will not appear be altered, though the seconds field will 
           have been set to "12".  The following text string is encrypted 
           within the viral code: 
           "*.com HtTM's Annihilator" 
           Origin:  Unknown  January, 1996. 
       Annihilator.299: Received in January, 1996, Annihilator.299 is 
           a 299 byte variant of the Annihilator virus described above.  It 
           adds 298 bytes to the .COM programs it infects in the C: drive 
           root directory.  The virus will be located at the end of the host 
           program.  The file's date and time in the DOS disk directory 
           listing will not appear be altered, though the seconds field will 
           have been set to "12".  The following text string is encrypted 
           within the viral code: 
           "*.com HtTM's Annihilator" 
           Origin:  Unknown  January, 1996. 
       Annihilator.304: Also received in July, 1995, Annihilator.304 is 
           a 304 byte variant of the Annihilator virus described above.  It 
           adds 304 bytes to the .COM programs it infects.  The virus will 
           be located at the end of the host program.  The file's date and 
           time in the DOS disk directory listing will not appear be 
           altered, though the seconds field will have been set to "12". 
           The following text string is encrypted within the viral code: 
           "*.com [HtTM's Annihilator v2.00]" 
           Origin:  Unknown  July, 1995. 
       Annihilator.305: Received in January, 1996, Annihilator.305 is 
           a 305 byte variant of the Annihilator virus described above.  It 
           adds 305 bytes to the .COM programs it infects in the C: drive 
           root directory.  The virus will be located at the end of the host 
           program.  The file's date and time in the DOS disk directory 
           listing will not appear be altered, though the seconds field will 
           have been set to "12".  The following text string is encrypted 
           within the viral code: 
           "*.C?M The great Sirius Rip Off Virus!" 
           Origin:  Unknown  January, 1996. 
       Annihilator.308: Received in January, 1996, Annihilator.308 is 
           a 308 byte variant of the Annihilator virus described above.  It 
           adds 308 bytes to the .COM programs it infects.  The virus will 
           be located at the end of the host program.  The file's date and 
           time in the DOS disk directory listing will not appear be 
           altered, though the seconds field will have been set to "12". 
           The following text string is encrypted within the viral code: 
           "*.com [HtTM's Annihilator v2.00]" 
           Origin:  Unknown  January, 1996. 
       Annihilator.314: Received in January, 1996, Annihilator.314 is 
           a 314 byte variant of the Annihilator virus described above.  It 
           adds 314 bytes to the .COM programs it infects.  The virus will 
           be located at the end of the host program.  The file's date and 
           time in the DOS disk directory listing will not appear be 
           altered, though the seconds field will have been set to "12". 
           The following text string is encrypted within the viral code: 
           "*.com [HtTM's Annihilator v2.10]" 
           Origin:  Unknown  January, 1996. 
       Annihilator.357: Also received in July, 1995, Annihilator.357 is 
           a 357 byte variant of the Annihilator virus described above.  It 
           adds 357 bytes to the .COM programs it infects.  The virus will 
           be located at the end of the host program.  The file's date and 
           time in the DOS disk directory listing will not appear to be 
           altered, though the seconds field will have been set to "12". 
           The following text strings are encrypted within the viral code: 
           "*.com" 
           "Your harddisk has been infected with" 
           "[HtTM's Annihilator v1.00]" 
           Origin:  Unknown  July, 1995. 
       Annihilator.361: Received in January, 1996, Annihilator.361 is 
           a 361 byte variant of the Annihilator virus described above.  It 
           adds 361 bytes to the .COM programs it infects.  The virus will 
           be located at the end of the host program.  The file's date and 
           time in the DOS disk directory listing will not appear be 
           altered, though the seconds field will have been set to "12". 
           The following text strings are encrypted within the viral code: 
           "*.com" 
           "Your harddisk has been infected with" 
           "[HtTM's Annihilator v1.00]" 
           Origin:  Unknown  January, 1996. 
       Annihilator.379: Also received in July, 1995, Annihilator.379 is 
           a 379 byte variant which only infects .COM files, other than 
           COMMAND.COM and very small .COM files, located in the C: drive 
           root directory.  Programs infected with this variant will have 
           a file length increase of 379 bytes with the virus being located 
           at the end of the file.  The program's date and time in the DOS 
           disk directory listing will not appear to be altered, though the 
           seconds field will have been set to "12".  The following text 
           strings are encrypted within the viral code: 
           "*.com" 
           "Your harddisk has been infected with" 
           "[HtTM's Annihilator v1.00]" 
           Origin:  Unknown  July, 1995. 
       Annihilator.383: Received in January, 1996, Annihilator.383 is 
           a 383 byte variant of the Annihilator virus described above.  It 
           adds 383 bytes to the .COM programs it infects in the C: drive 
           root directory.  The virus will be located at the end of the host 
           program.  The file's date and time in the DOS disk directory 
           listing will not appear be altered, though the seconds field will 
           have been set to "12".  The following text strings are encrypted 
           within the viral code: 
           "*.com" 
           "Your harddisk has been infected with" 
           "[HtTM's Annihilator v1.00]" 
           Origin:  Unknown  January, 1996. 
       Annihilator.390: Also received in July, 1995, Annihilator.390 is 
           a 390 byte variant of the Annihilator virus described above.  It 
           adds 390 bytes to the .COM programs it infects.  The virus will 
           be located at the end of the host program.  The file's date and 
           time in the DOS disk directory listing will not appear to be 
           altered, though the seconds field will have been set to "12". 
           The following text strings are encrypted within the viral code: 
           "*.com" 
           "Your harddisk has been infected with" 
           "[HtTM's Annihilator v2.00 - 10.08.1991]" 
           Origin:  Unknown  July, 1995. 
       Annihilator.394: Received in January, 1996, Annihilator.394 is 
           a 394 byte variant of the Annihilator virus described above.  It 
           adds 394 bytes to the .COM programs it infects.  The virus will 
           be located at the end of the host program.  The file's date and 
           time in the DOS disk directory listing will not appear be 
           altered, though the seconds field will have been set to "12". 
           The following text strings are encrypted within the viral code: 
           "*.com" 
           "Your harddisk has been infected with" 
           "[HtTM's Annihilator v2.00 - 10.08.1991]" 
           Origin:  Unknown  January, 1996. 
       Annihilator.412: Also received in July, 1995, Annihilator.412 is 
           a 412 byte variant which only infects .COM files, other than 
           COMMAND.COM and very small .COM files, located in the C: drive 
           root directory.  Programs infected with this variant will have 
           a file length increase of 412 bytes with the virus being located 
           at the end of the file.  The program's date and time in the DOS 
           disk directory listing will not appear to be altered, though the 
           seconds field will have been set to "12".  The following text 
           strings are encrypted within the viral code: 
           "*.com" 
           "Your harddisk has been infected with" 
           "[HtTM's Annihilator v2.00 - 10.08.1991]" 
           Origin:  Unknown  July, 1995. 
       Annihilator.416: Received in January, 1996, Annihilator.416 is 
           a 416 byte variant of the Annihilator virus described above.  It 
           adds 416 bytes to the .COM programs it infects in the C: drive 
           root directory.  The virus will be located at the end of the host 
           program.  The file's date and time in the DOS disk directory 
           listing will not appear be altered, though the seconds field will 
           have been set to "12".  The following text strings are encrypted 
           within the viral code: 
           "*.com" 
           "Your harddisk has been infected with" 
           "[HtTM's Annihilator v2.00 - 10.08.1991]" 
           Origin:  Unknown  January, 1996. 
       Annihilator.453: Received in January, 1996, Annihilator.453 is 
           a 453 byte variant of the Annihilator virus described above.  It 
           adds 453 bytes to the .COM programs it infects.  The virus will 
           be located at the end of the host program.  The file's date and 
           time in the DOS disk directory listing will not appear be 
           altered, though the seconds field will have been set to "12". 
           The following text strings are encrypted within the viral code: 
           "[HtTM's Annihilator v3.10]" 
           "*.COM" 
           Origin:  Unknown  January, 1996. 
       Annihilator.510: Received in January, 1996, Annihilator.510 is 
           a 510 byte variant of the Annihilator virus described above.  It 
           adds 510 bytes to the .COM programs it infects.  The virus will 
           be located at the end of the host program.  The file's date and 
           time in the DOS disk directory listing will not appear be 
           altered, though the seconds field will have been set to "12". 
           The following text strings are encrypted within the viral code: 
           "*.com" 
           "Your harddisk has been infected with" 
           "[HtTM's Annihilator v2.10 - 10.08.1991]" 
           Origin:  Unknown  January, 1996. 
       Annihilator.548: Received in January, 1996, Annihilator.548 is 
           a 548 byte variant of the Annihilator virus described above.  It 
           infects one .COM file located in the C: drive root directory and 
           one .COM file located in the current drive current directory 
           when an infected program is executed.  Infected programs increase 
           in size by 548 with the virus being located at the end of the 
           host program.  The file's date and time in the DOS disk directory 
           listing will not appear be altered, though the seconds field will 
           have been set to "12".  The following text strings are encrypted 
           within the viral code: 
           "*.com" 
           "Your harddisk has been infected with" 
           "[HtTM's Annihilator v2.10 - 10.08.1991]" 
           Origin:  Unknown  January, 1996. 
       Annihilator.596: Received in January, 1996, Annihilator.596 is 
           a 596 byte variant of the Annihilator virus described above.  It 
           infects one .COM file located in the C: drive root directory and 
           four .COM files located in the current drive current directory 
           when an infected program is executed.  Infected programs increase 
           in size by 596 with the virus being located at the end of the 
           host program.  The file's date and time in the DOS disk directory 
           listing will not appear be altered, though the seconds field will 
           have been set to "12".  The following text strings are encrypted 
           within the viral code: 
           "This file is infected with" 
           "Annihilator" 
           "by [HtTM] - 10.08.1991/93" 
           "*.COM" 
           Origin:  Unknown  January, 1996. 
       Annihilator.599: Received in January, 1996, Annihilator.599 is 
           a 599 byte variant of the Annihilator virus described above.  It 
           infects one .COM file located in the C: drive root directory and 
           one .COM file located in the current drive current directory 
           when an infected program is executed.  Infected programs increase 
           in size by 599 with the virus being located at the end of the 
           host program.  The file's date and time in the DOS disk directory 
           listing will not appear be altered, though the seconds field will 
           have been set to "12".  The following text strings are encrypted 
           within the viral code, though on rare occassion they may appear 
           unencrypted: 
           "*.com" 
           "Your harddisk has been infected with" 
           "[HtTM's Annihilator v3.21 - 10.08.1991/93" 
           Origin:  Unknown  January, 1996. 
       Annihilator.603: Received in January, 1996, Annihilator.603 is 
           a 603 byte variant of the Annihilator virus described above.  It 
           infects one .COM file located in the C: drive root directory and 
           one .COM file located in the current drive current directory 
           when an infected program is executed.  Infected programs increase 
           in size by 603 bytes with the virus being located at the end of 
           the host program.  The file's date and time in the DOS disk 
           directory listing will not appear be altered, though the seconds 
           field will have been set to "12".  The following text strings are 
           encrypted within the viral code: 
           "*.com" 
           "our harddisk has been infected with" 
           "[HtTM's Annihilator v3.00 - 10.08.1991/93]" 
           Origin:  Unknown  January, 1996. 
       Annihilator.607: Received in January, 1996, Annihilator.607 is 
           a 607 byte variant of the Annihilator virus described above.  It 
           infects two .COM files located in the C: drive root directory and 
           two .COM files located in the current drive current directory 
           when an infected program is executed.  However, in the event the 
           infected program is executed with the current drive being drive 
           C:, it may only infect three files on the drive.  Infected 
           programs increase in size by 607 bytes with the virus being 
           located at the end of the host program.  The file's date and time 
           in the DOS disk directory listing will not appear be altered, 
           though the seconds field will have been set to "12".  The 
           following text strings are encrypted within the viral code: 
           "*.com" 
           "Your harddisk has been infected with" 
           "[HtTM's Annihilator v3.10 - 10.08.1991/93]" 
           Origin:  Unknown  January, 1996. 
       Annihilator.610: Received in January, 1996, Annihilator.610 is 
           a 610 byte variant of the Annihilator virus described above.  It 
           infects one .COM file located in the C: drive root directory and 
           two .COM files located in the current drive current directory 
           when an infected program is executed.  However, in the event the 
           infected program is executed with the current drive being drive 
           C:, it may only infect two files on the drive.  Infected 
           programs increase in size by 610 bytes with the virus being 
           located at the end of the host program.  The file's date and time 
           in the DOS disk directory listing will not appear be altered, 
           though the seconds field will have been set to "12".  The 
           following text strings are encrypted within the viral code: 
           "*.com" 
           "Your harddisk has been infected with" 
           "[HtTM's Annihilator v3.10 - 10.08.1991/93]" 
           Origin:  Unknown  January, 1996. 
       Annihilator.673: Received in January, 1996, Annihilator.673 is 
           a 673 byte variant of the Annihilator virus described above.  It 
           infects one .COM file located in the C: drive root directory and 
           two .COM files located in the current drive current directory 
           when an infected program is executed.  Infected programs increase 
           in size by 673 bytes with the virus being located at the end of 
           the host program.  The file's date and time in the DOS disk 
           directory listing will not appear be altered, though the seconds 
           field will have been set to "12".  The following text strings are 
           encrypted within the viral code, though they may rarely occur 
           unencrypted: 
           "Your harddisk has been infected with" 
           "[HtTM's Annihilator v3.00 - 10.08.1991/93]" 
           "The slightly polymorph COM infector Virus!" 
           "*.com" 
           Origin:  Unknown  January, 1996. 
       Annihilator.711: Also received in July, 1995, Annihilator.711 is 
           a 711 byte variant of the Annihilator virus described above.  It 
           adds 711 bytes to the .COM programs it infects.  The virus will 
           be located at the end of the host program.  The file's date and 
           time in the DOS disk directory listing will not appear to be 
           altered, though the seconds field will have been set to "12". 
           The following text strings are encrypted within the viral code: 
           "*.com" 
           "Your harddisk has been infected with" 
           "[HtTM's Annihilator v2.00 - 10.08.1991]" 
           Origin:  Unknown  July, 1995. 
       Annihilator.733: Received in January, 1996, Annihilator.733 is 
           a 733 byte variant of the Annihilator virus described above.  It 
           adds 733 bytes to the .COM programs it infects in the C: drive 
           root directory.  The virus will be located at the end of the host 
           program.  The file's date and time in the DOS disk directory 
           listing will not appear be altered, though the seconds field will 
           have been set to "12".  The following text strings are encrypted 
           within the viral code: 
           "Your harddisk has been infected with" 
           "[HtTM's Annihilator v2.10 - 10.08.1991]" 
           "The slightly polymorph COM infector Virus!" 
           "*.com" 
           Origin:  Unknown  January, 1996. 
       Annihilator.739: Received in January, 1996, Annihilator.739 is 
           a 739 byte variant of the Annihilator virus described above.  It 
           adds 739 bytes to the .COM programs it infects in the C: drive 
           root directory.  The virus will be located at the end of the host 
           program.  The file's date and time in the DOS disk directory 
           listing will not appear be altered, though the seconds field will 
           have been set to "12".  The following text strings are encrypted 
           within the viral code: 
           "*.com" 
           "Your harddisk has been infected with" 
           "[HtTM's Annihilator v2.10 - 10.08.1991]" 
           Origin:  Unknown  January, 1996.

Show viruses from discovered during that infect .

Main Page