Riihi Virus
Virus Name: Riihi
Aliases: Riihi.132
V Status: Rare
Discovery: April, 1994
Symptoms: .COM file growth; file date/time changes
Origin: Unknown
Eff Length: 132 Bytes
Type Code: PRaCK - Parasitic Resident .COM Infector
Detection Method: F-Prot, ViruScan, IBMAV, Sweep, AVTK, NAV, NAVDX,
VAlert, PCScan, ChAV,
NProt, AVTK/N, NShld, Sweep/N, IBMAV/N, NAV/N, Innoc 4.0+
Removal Instructions: Delete infected files
General Comments:
The Riihi virus was received in April, 1994. Its origin or point of
isolation is unknown. Riihi is a memory resident infector of .COM
programs, including COMMAND.COM.
When the first Riihi infected program is executed, this virus will
install itself memory resident in allocated system memory, hooking
interrupt 21. Total system and/or available free memory, as indicated
by the DOS CHKDSK program, will not be altered.
Once memory resident, the Riihi virus will infect .COM programs
when they are executed. Infected programs will have a file length
increase of 132 bytes with the virus being located at the end of the
file. The program's date and time in the DOS disk directory listing
will have been updated to the current system date and time when
infection occurred. No text strings are visible within the viral
code.
Known variant(s) of Riihi are:
Riihi.132: Received in January, 1996, this is a 258 byte
memory resident variant of Riihi. It adds 258 bytes to the
.COM files it infects, the virus being located at the end
of the file. The program's date and time in the DOS disk
directory listing will have been updated to the current
system date and time when infection occurred. No text
strings are visible within the viral code.
Origin: Unknown January, 1996.