Antigus Virus


 Virus Name:  Antigus 
 Aliases:     Antigus.1570 
 V Status:    New 
 Discovery:   January, 1996 
 Symptoms:    .EXE file growth; file date/time changes; 
              decrease in available free memory 
 Origin:      Malaysia 
 Eff Length:  1,570 - 1,584 Bytes 
 Type Code:   PRhE - Parasitic Resident .EXE Infector 
 Detection Method: ViruScan, IBMAV, AVTK, NAV, NAVDX, F-Prot, ChAV, 
                   IBMAV/N, NShld, NAV/N, AVTK/N, Innoc 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Antigus virus was received in January, 1996.  It appears to be 
       from Malaysia.  Antigus is a memory resident infector of .EXE files. 
 
       When the first Antigus infected program is executed, this virus 
       will install itself memory resident at the top of system memory but 
       below the 640K DOS boundary, not moving interrupt 12's return. 
       Available free memory, as indicated by the DOS CHKDSK program from 
       DOS 5.0, will have decreased by 3,184 bytes.  Interrupts 08 and 21 
       will be hooked by the virus in memory. 
 
       Once the Antigus virus is memory resident, it will infect .EXE 
       files when they are executed.  Infected files will have a file length 
       increase of 1,570 to 1,584 bytes with the virus being located at the 
       end of the file.  The program's date and time in the DOS disk 
       directory listing will have been updated to the current system 
       date and time when infection occurred.  The following text strings 
       are encrypted within the viral code: 
 
           "Happy birthday to me!" 
           "E-VIRUS II aka Anti-GUS.12th December 1994.KL,Malaysia" 
           "TM was here!" 
 
       It is unknown what the Antigus virus does besides replicate.

Show viruses from discovered during that infect .

Main Page