ShadowByte Virus
Virus Name: ShadowByte
Aliases: Shadow, Shadow-2
V Status: Rare
Discovered: May, 1991
Symptoms: .COM file growth
Origin: Unknown
Eff Length: 713 Bytes
Type Code: PNCK - Parasitic Non-Resident .COM Infector
Detection Method: ViruScan, F-Prot, Sweep, AVTK, IBMAV, NAV,
NAVDX, VAlert, PCScan, ChAV,
NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N,
NAV/N, IBMAV/N
Removal Instructions: Delete infected files
General Comments:
The ShadowByte, or Shadow, virus was isolated in May, 1991. Its
origin is unknown. ShadowByte is a non-resident generic infector of
.COM programs, and it will infect COMMAND.COM.
When a program infected with ShadowByte is executed, it will infect
one program in the current directory. If COMMAND.COM is in the
current directory, it may become infected.
.COM programs, other than COMMAND.COM, will increase in length by
713 bytes when they are infected by ShadowByte. COMMAND.COM will
increase in size by 723 bytes if it becomes infected. In both
cases, the virus will be located at the end of the infected
program. There will be no change to the file date and time in the
disk directory.
Programs infected with ShadowByte will contain two text strings:
"!seviL etybwodahS"
"*.COM"
The virus' name comes from the first string above, which when
reversed says "Shadowbyte Lives!".
It is unknown if ShadowByte does anything besides replicate.
Known variant(s) of ShadowByte are:
Shadow-2: A smaller version of the Shadow virus, Shadow-2 adds
635 bytes to infected files. The following text strings
can be found in infected files:
"!sevil etybwodahS*.COM ????????."
"AWK"
Origin: Unknown November, 1991.
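The strings and growth figures above can be turned into a simple triage check. The following is an added example, not part of the original entry: the function names are hypothetical, and it assumes the strings are stored as plain ASCII inside the appended virus body. The sample inputs are constructed filler data.

```python
from pathlib import Path

# (variant, growth in bytes reported by the entry, strings reported by the entry)
SIGNATURES = [
    ("ShadowByte", (713, 723), (b"!seviL etybwodahS", b"*.COM")),
    ("Shadow-2", (635,), (b"!sevil etybwodahS*.COM ????????.", b"AWK")),
]

def classify(data: bytes):
    """Return the variant whose strings all appear in the file's tail, else None."""
    for name, growth, markers in SIGNATURES:
        if len(data) <= min(growth):      # an infected file is host + appended body
            continue
        tail = data[-max(growth):]        # the entry places the virus at the end
        if all(m in tail for m in markers):
            return name
    return None

def scan_directory(root):
    """Map each *.COM file under root (case-insensitive) to its classification."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".com":
            verdict = classify(path.read_bytes())
            if verdict:
                hits[str(path)] = verdict
    return hits

def constructed_sample(host: bytes, markers, size: int) -> bytes:
    """Constructed test data: host bytes plus `size` filler bytes holding the markers."""
    body = b"".join(markers)
    return host + body + b"\x00" * (size - len(body))

if __name__ == "__main__":
    host = b"\x90" * 200 + b"\xc3"        # constructed stand-in for a clean .COM
    for name, growth, markers in SIGNATURES:
        print(name, classify(constructed_sample(host, markers, growth[0])))
    print("clean", classify(host))
```

A match is a string heuristic only; confirm it against the reported file growth or a known-clean copy before deleting anything.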