Roguey Virus

Virus Name: Roguey Aliases: Badcmdx V Status: Rare Discovery: November, 1993 Symptoms: .COM file growth; TSR; host program encrypted; Lost clusters on infected disks; message displayed; programs fail to function; system boot failure Origin: Unknown Eff Length: 967 Bytes Type Code: PRsCK - Parasitic Resident .COM Infector Detection Method: ViruScan, AVTK, Sweep, IBMAV, F-Prot, NAV, NAVDX, VAlert, PCScan, ChAV, NShld, Sweep/N, AVTK/N, IBMAV/N, Innoc, NProt, NAV/N, LProt Removal Instructions: Delete infected files General Comments: The Roguey, or Badcmdx, virus was received in November, 1993. Its origin or point of isolation is unknown. Roguey is a memory resident infector of .COM programs, including COMMAND.COM. When the first Roguey infected program is executed, this virus will install itself memory resident as a low system memory TSR of 1,584 bytes. Interrupt 21 will be hooked by the virus in memory. Once Roguey is memory resident, it may infect .COM programs when they are executed. Infected programs will have a file length increase of 967 bytes, though this file length increase will be hidden when the virus is memory resident. Roguey encrypts the entire host program in addition to its viral code, so the position of the virus in the host file isn't particularly applicable. The following message may be displayed by the virus when the user attempts to execute infected programs: "Bad Command or file name" This text string is encrypted within infected programs, and thus is not visible within infected files. In addition to displaying the above message, users of infected systems may note an increase in the occurrance of lost clusters on infected disks, as well as the system failing to boot once the boot copy of COMMAND.COM becomes infected.