Repent Virus

Virus Name: Repent Aliases: V Status: Viron Discovery: December, 1992 Symptoms: .COM files overwritten; program corruption; programs fail to function properly; boot failures Origin: Unknown Eff Length: 350 Bytes OW Type Code: ONCK - Overwriting Non-Resident .COM Infector Detection Method: ViruScan, Sweep, F-Prot, NAV, IBMAV, AVTK, NAVDX, VAlert, PCScan, ChAV, NShld, Sweep/N, Innoc, LProt, NAV/N, AVTK/N, IBMAV/N, NProt Removal Instructions: Delete infected files General Comments: The Repent virus was submitted in December, 1992. Its origin or point of isolation is unknown. Repent is a non-resident overwriting virus which infects .COM programs, including COMMAND.COM. When a program infected with the Repent virus is executed, the Repent virus will infect the first four .COM programs located in the current directory. If COMMAND.COM is located in this directory, it may become infected. The Repent virus contains code to move up one directory in the directory structure, though this code does not function properly and programs in higher level directories are not infected by the virus. Programs infected with the Repent virus will have the first 350 bytes of the host program overwritten by the Repent viral code. There will be no change to the file's length unless it was originally smaller than 350 bytes in length, in which case it will become 350 bytes in length. The program's date and time in the DOS disk directory listing will not be altered. One text string is encrypted within the Repent viral code: "*.COM .." Programs infected with the Repent virus will not function properly, and are permanently corrupted. Boot failures will occur once the boot copy of COMMAND.COM becomes infected by the virus.