Senorita Virus


 Virus Name:  Senorita 
 Aliases:     Senorita.885 
 V Status:    New 
 Discovered:  January, 1996 
 Symptoms:    .COM file growth; decrease in available free memory 
 Origin:      Unknown 
 Eff Length:  885 Bytes 
 Type Code:   PRtCK - Parasitic Resident .COM Infector 
 Detection Method:  IBMAV, ViruScan, AVTK, NAV, NAVDX, F-Prot, PCScan, 
                    ChAV, 
                    IBMAV/N, AVTK/N, NShld, NAV/N, Innoc 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Senorita virus was received in January, 1996.  Its origin or 
       point of isolation is unknown.  Senorita is a memory resident fast 
       infector of .COM files, including COMMAND.COM. 
 
       When the first Senorita-infected program is executed, the virus 
       will install itself memory resident at the top of system memory 
       but below the 640K DOS boundary, lowering the memory size returned 
       by interrupt 12.  Available free memory, as indicated by the DOS 
       CHKDSK program from DOS 5.0, will have decreased by 1,008 bytes.  
       Interrupt 21 will be hooked by the virus in memory.  Also at this 
       time, the virus will infect the copies of COMMAND.COM located in 
       the C: drive root directory and the C:\DOS directory. 
 
       Once the Senorita virus is memory resident, it will infect .COM 
       programs when they are executed or opened, but not when copied. 
       Infected files will have a file length increase of 885 bytes with 
       the virus being located at the end of the file.  The program's date 
       and time in the DOS disk directory listing will not be altered.  The 
       following text string is encrypted within the viral code: 
 
           "C:\DOS\COMMAND.COM" 
 
       It is unknown what the Senorita virus may do besides replicate. 
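
The symptoms above (885 bytes of growth with the directory date and time left unchanged) can be checked against a stored baseline. The following is an added example, not part of the original entry or any listed product; the function names, labels, sample sizes and timestamps are assumptions constructed for illustration.

```python
import os, tempfile

GROWTH = 885  # file length increase stated in this entry

def snapshot(root):
    """Map relative path -> (size, mtime in whole seconds) for .COM files under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.upper().endswith(".COM"):
                full = os.path.join(dirpath, name)
                st = os.stat(full)
                snap[os.path.relpath(full, root)] = (st.st_size, int(st.st_mtime))
    return snap

def audit(baseline, current):
    """List .COM files that grew although their timestamp did not change."""
    findings = []
    for path in sorted(baseline.keys() & current.keys()):
        (old_size, old_time), (new_size, new_time) = baseline[path], current[path]
        delta = new_size - old_size
        if delta > 0 and new_time == old_time:
            label = "growth-885" if delta == GROWTH else "growth-other"
            findings.append((path, delta, label))
    return findings

def demo():
    """Constructed sample tree: sizes and timestamps are made up for the example."""
    stamp = 820454400  # constructed timestamp (1996-01-01 00:00:00 UTC)
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "DOS"))
        names = ["COMMAND.COM", os.path.join("DOS", "COMMAND.COM"),
                 os.path.join("DOS", "EDIT.COM")]
        for rel in names:
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(b"A" * 1000)
            os.utime(os.path.join(root, rel), (stamp, stamp))
        baseline = snapshot(root)
        # First file: grows by 885 bytes with its timestamp put back (the pattern above).
        # Third file: grows and gets a new timestamp (an ordinary update, not flagged).
        for rel, extra, new_stamp in ((names[0], GROWTH, stamp), (names[2], 50, stamp + 3600)):
            with open(os.path.join(root, rel), "ab") as fh:
                fh.write(b"\x00" * extra)
            os.utime(os.path.join(root, rel), (new_stamp, new_stamp))
        return audit(baseline, snapshot(root))

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The baseline has to be taken from a known-clean system, and because the virus is memory resident the comparison is only meaningful when run from a clean boot.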
