Ryazan Virus


 Virus Name:  Ryazan 
 Aliases:    
 V Status:    Rare 
 Discovery:   December, 1992 
 Symptoms:    .EXE file growth 
 Origin:      USSR 
 Eff Length:  512 Bytes 
 Type Code:   PRaE - Parasitic Resident .EXE Infector 
 Detection Method:  AVTK, Sweep, F-Prot, ViruScan, IBMAV, PCScan, 
                    NAV, NAVDX, VAlert, ChAV, 
                    Sweep/N, NShld, Innoc, NProt, AVTK/N, IBMAV/N, NAV/N, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Ryazan virus was submitted in December, 1992 and is originally 
       from the USSR.  Ryazan is a memory resident infector of .EXE 
       programs. 
 
       When the first Ryazan infected program is executed, the Ryazan 
       virus will install itself memory resident in a "hole" in allocated 
       system memory at 0010.  It will have hooked interrupt 21.  Total 
       system and available free memory, as indicated by the DOS CHKDSK 
       program, will not be altered. 
 
       Once the Ryazan virus is memory resident, it will infect .EXE 
       programs, other than very small ones, when they are executed. 
       Infected programs will have a file length increase of 512 bytes with 
       the virus being located at the end of the file.  The program's date 
       and time in the DOS disk directory listing will not be altered.  The 
       following text string is encrypted within the Ryazan viral code in 
       infected programs: 
 
               "!!Ryazan" 
 
       It is unknown if Ryazan does anything besides replicate.

Show viruses from discovered during that infect .

Main Page