Shaker Virus

Virus Name: Shaker Aliases: Prague Joker V Status: Rare Discovered: November, 1991 Symptoms: .COM file growth; "shaky" screen effect may be produced; decrease in total system and available free memory Origin: Prague, Czechoslovakia Eff Length: 512 Bytes Type Code: PRhCK - Resident Parasitic .COM Infector Detection Method: ViruScan, Sweep, AVTK, F-Prot, ChAV, NAV, IBMAV, NAVDX, VAlert, PCScan, NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N Removal Instructions: Delete infected files General Comments: The Shaker virus was received in November, 1991. This virus is reported to have originated in Prague, Czechoslovakia. Shaker is a memory resident infector of .COM files, including COMMAND.COM. It is based on the BackTime virus, and anti-viral programs may identify it as such. The first time a program infected with the Shaker virus is executed, Shaker will install itself memory resident at the top of system memory but below the 640K DOS boundary. Total system and available free memory, as indicated by the DOS CHKDSK program, will have decreased by 528 bytes. Interrupts 08 and 21 will be hooked by Shaker in memory. Interrupt 12's return will not have been moved. After Shaker is memory resident, the virus will infect any .COM program when it is executed. If COMMAND.COM is executed, it will become infected. Shaker infected programs will have a file length increase of 512 bytes. The virus will be located at the end of the infected file. There will be no change to the file's date and time in the DOS disk directory listing. One text string can be viewed within the viral code in infected programs: "Shaker" Systems infected with Shaker may experience a "shaky" screen effect once the virus is memory resident. This effect, however, does not occur on all systems. See: BackTime Blinker