Red Diavolyata Virus


 Virus Name:  Red Diavolyata 
 Aliases:     USSR 830, MLTI 
 V Status:    Rare 
 Discovery:   December, 1990 
 Symptoms:    .COM growth; decrease in system and available memory; file 
              date/time changes 
 Origin:      USSR 
 Eff Length:  830 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method:  ViruScan, AVTK, F-Prot, NAV, Sweep, IBMAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Red Diavolyata virus is an 830 byte memory resident infector of 
       .COM files, including COMMAND.COM.  It was submitted in December, 
       1990, and originated in the USSR. 
 
       The first time a program infected with Red Diavolyata is executed, 
       the virus will install itself memory resident at the top of system 
       memory but below the 640K DOS boundary.  The interrupt 12 return is 
       not moved. The DOS CHKDSK command will indicate that total system 
       memory and available free memory have decreased by 960 bytes. 
       Interrupt 21 will be hooked by the virus. 
 
       Once Red Diavolyata is memory resident, any .COM program executed 
       will become infected by the virus.  If COMMAND.COM is executed, it 
       will be infected. 
 
       Infected .COM programs will have their file length increased by 830 
       bytes, and their date and time in the disk directory will have been 
       altered to the system date and time when infection occurred.  The 
       virus will be located at the end of the infected program. 
 
       The following text strings can be found at the end of infected 
       programs: 
 
               "Eddie die somewhere in time" 
               "This programm was written in the city of Prostokwashino" 
               "(C) 1990   RED DIAVOLYATA" 
               "Hello! MLTI!" 
 
       Additionally, the text string "MLTI!COMMAND" can be found within 
       infected files. 
 
       It is unknown if Red Diavolyata does anything besides replicate. 
 
       Known variant(s) of Red Diavolyata are: 
       Red Diavolyata B: Very similar to Red Diavolyata B, the major 
                         difference from the original virus is that 
                         interrupt 1C will also be hooked when the virus 
                         is memory resident.  There are two bytes within 
                         the virus which differ from the original virus.

Show viruses from discovered during that infect .

Main Page