Scratch Virus


 Virus Name:  Scratch 
 Aliases:     Scratch.374 
 V Status:    New 
 Discovered:  July, 1995 
 Symptoms:    .COM & .EXE growth; file date/time changes; 
              unexpected system reboots; 
              decrease in available free memory 
 Origin:      Unknown 
 Eff Length:  374 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method: F-Prot, AVTK, VAlert, Sweep, NAV, NAVDX, IBMAV, 
                   ViruScan, PCScan, ChAV, 
                   NAV/N, Sweep/N, NShld, IBMAV/N, AVTK/N, NProt, Innoc 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Scratch virus was received in July, 1995.  Its origin or point 
       of isolation is unknown.  Scratch is a memory resident infector of 
       .COM and .EXE files, including COMMAND.COM. 
 
       When the first Scratch infected program is executed, this virus will 
       install itself memory resident at the top of system memory but below 
       the 640K DOS boundary, hooking interrupt 21.  Available free memory, 
       as indicated by the DOS CHKDSK program from DOS 5.0, will have 
       decreased by 384 bytes.  Interrupt 12's return will not be moved. 
 
       Once the Scratch virus is memory resident, it will infect .COM and 
       .EXE files when they are executed.  Infected programs will have a 
       file length increase of 374 bytes with the virus being located at 
       the end of the file.  The program's date and time in the DOS disk 
       directory listing will not be altered.  No unique text strings are 
       visible within the viral code. 
 
       Users of systems infected with the Scratch virus may experience an 
       unexpected system reboot when files are being infected by the 
       virus. 
 
       Known variant(s) of Scratch are: 
       Scratch.554: Also received in July, 1995, this is a 554 byte 
           variant of the Scratch virus described above.  Its size in 
           memory is 1,024 bytes, hooking interrupt 21.  Once resident, 
           it infects .COM and .EXE files, including COMMAND.COM, when 
           they are executed.  This variant will also occassionally 
           reinfect previously infected files.  Programs infected with 
           the Scratch.554 virus will have a file length increase of 554 
           bytes for each infection of the virus present on the file.  The 
           virus will be located at the end of the file.  The program's 
           date and time in the DOS disk directory listing will not be 
           altered.  No text strings are visible within the viral code. 
           Origin:  Unknown  July, 1995.

Show viruses from discovered during that infect .

Main Page