Revenge Attacker Virus
Virus Name: Revenge Attacker
Aliases: 777, Revenge
V Status: Rare
Discovery: June, 1991
Symptoms: .COM file growth; DIR command problems; system hang;
hard disk format
Origin: Philippines
Eff Length: 1,127 Bytes
Type Code: PRsCK - Parasitic Resident .COM Infector
Detection Method: ViruScan, F-Prot, Sweep, AVTK, NAV,
IBMAV, NAVDX, VAlert, PCScan, ChAV,
NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N,
NAV/N, IBMAV/N
Removal Instructions: Delete infected files
General Comments:
The Revenge Attacker, or 777, virus was received in June, 1991.
It originated in the Philippines. Revenge Attacker is a memory
resident generic infector of .COM programs, including COMMAND.COM.
It is a very destructive virus when it activates.

The first time a program infected with Revenge Attacker is executed,
the virus will install itself memory resident as a low system memory
TSR of 1,392 bytes. Interrupt 21 will be hooked by the virus.
COMMAND.COM will also be infected by the virus at this time.

Once Revenge Attacker is memory resident, it will infect one .COM
program each time an infected program is executed. Infected
programs will increase in size by 1,127 bytes with the virus being
located at the end of the infected program. Infected programs
will also have their date and time in the disk directory updated to
the system date and time when infection occurred.

Infected programs will be marked by the virus with the text string
"777" being found in the fourth through sixth bytes of infected
files. There are two other text strings which appear in infected
programs:
"*** 777 - Revenge Attacker V1.01 ***"
"*.COM"

Revenge Attacker's low system memory TSR is not used for file
infection, but will interfere with system operation when some DOS
internal commands are issued. For example, issuing a DIR command
when Revenge Attacker is memory resident will result in a directory
display with the first directory entry repeated in place of each
actual directory entry. After a DIR command, the system will hang.

After all .COM programs in the current directory are infected,
Revenge Attacker will activate. At this time it will display the
first text string indicated above, followed by repeated 7's across
the screen. While it is displaying the message and writing the 7's
to the screen, it will overwrite the system hard disk starting with
Side 0, Cylinder 1, Sector 0. FAT corruption, directory
corruption, and file loss may result even if the user turns off
the computer immediately when the message is displayed.
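
The infection marker and text strings described above are enough for a simple file check. The following is an added example, not part of the original entry: the function names are hypothetical, the sample bytes are constructed, and it assumes both text strings sit in the 1,127 bytes appended to the host.

```python
from pathlib import Path

VIRUS_LEN = 1127                      # effective length stated in the entry
MARKER = b"777"                       # reported at bytes 4-6 (offsets 3..5)
BANNER = b"*** 777 - Revenge Attacker V1.01 ***"
MASK = b"*.COM"


def classify(data: bytes) -> str:
    """Return 'infected', 'suspect' or 'clean' for one .COM image."""
    has_marker = len(data) >= 6 and data[3:6] == MARKER
    # Assumption: both strings live in the appended virus body, so only
    # the last VIRUS_LEN bytes are searched.
    tail = data[-VIRUS_LEN:] if len(data) > VIRUS_LEN else b""
    has_strings = BANNER in tail and MASK in tail
    if has_marker and has_strings:
        return "infected"
    if has_marker or has_strings:
        return "suspect"              # one indicator alone: review by hand
    return "clean"


def scan_directory(root: str) -> dict:
    """Classify every .COM file below root (case-insensitive extension)."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".com":
            results[str(path)] = classify(path.read_bytes())
    return results


def constructed_samples() -> dict:
    """Constructed byte strings for demonstration, not real virus code."""
    host = b"\x90" * 300
    body = (BANNER + MASK).ljust(VIRUS_LEN, b"\x00")
    return {
        "infected": b"\x00" * 3 + MARKER + host + body,
        "marker_only": b"\x00" * 3 + MARKER + host,
        "clean": host,
        "tiny": b"\xc3",              # shorter than the marker offset
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(f"{name:12} {classify(blob)}")
```

Run it from a clean boot, since the entry notes that the resident virus interferes with directory listings.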