Rigor Virus

Virus Name: Rigor Aliases: Rigor.373, Echo.B V Status: Viron Discovery: February, 1995 Symptoms: .EXE file corruption; file date/time changes; message "Bad command or file name" Origin: Unknown (possibly Australia) Eff Length: 373 Bytes Overwriting Type Code: ONE - Overwriting Non-Resident .EXE Infector Detection Method: F-Prot, NAV, AVTK, Sweep, IBMAV, NAVDX, VAlert, ViruScan, PCScan, ChAV, Sweep/N, NProt, AVTK/N, NAV/N, IBMAV/N, NShld, Innoc 4.0+ Removal Instructions: Delete infected files General Comments: The Rigor, Rigor.373, or Echo.B, virus was received in February, 1995. Its origin or point of isolation is unknown. Rigor is a non-resident, direct action overwriting virus which infects .EXE files. It permanently corrupts the programs it infects. When a program infected with the Rigor virus is executed, this virus will infect the first uninfected .EXE file located in the current directory by overwriting the first 373 bytes of the host program. The virus will then display the following message and return the system user to the DOS prompt: "Bad command or file name" Infected programs will not have any increase in size as the virus overwrites the beginning of the file. The program's date and time in the DOS disk directory listing will have been updated to the current system date and time when infection occurred. The following text strings are visible within the viral code in all infected programs: "*.EXE AUTOEXEC.BAT .." "\MZREMECHO OFF" "CLS" "ECHO Greetings from RigorMortis and SCP/NuKe,Oz!" "Bad command or file name" Programs infected with the Rigor virus cannot be disinfected as a portion of the host program has been overwritten. They should be replaced with clean copies from a backup source.