Shake Virus


 Virus Name:  Shake 
 Aliases:     Shake Dropper 
 V Status:    Rare 
 Discovered:  May, 1990 
 Symptoms:    .COM growth; message; change in COMMAND.COM memory allocation 
 Origin:      Bulgaria 
 Eff Length:  476 Bytes 
 Type Code:   PRCK - Resident Parasitic .COM Infector 
 Detection Method:  ViruScan, F-Prot, NAV, AVTK, Sweep, IBMAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Shake virus was first isolated in Bulgaria in May, 1990 by 
       Daniel Kalchev.  It is a memory resident generic .COM infector, and 
       will infect COMMAND.COM. 
 
       The first time an infected program is executed, the Shake virus 
       will install itself memory resident, altering the image of 
       COMMAND.COM in memory. 
 
       The Shake virus infects .COM files, infecting them as they are 
       accessed.  Infected files increase in size by 476 Bytes, though the 
       size increase cannot be seen using a DIR (list directory) command 
       if the virus is memory resident. 
 
       While the virus is not destructive, it will occasionally display 
       the message: "Shake well before use !" when an infected file is 
       attempted to be run.  When this message is displayed, the program 
       terminates rather than executes.  A second attempt to run the same 
       program result in it running successfully. 
 
       Known variant(s) of Shake are: 
       Shake Dropper: A small .EXE program which drops the Shake virus 
                      described above. 
                      Origin:  Bulgaria, May, 1990

Show viruses from discovered during that infect .

Main Page