Sicilian Mob Virus

Virus Name: Sicilian Mob Aliases: V Status: Rare Discovered: December, 1991 Symptoms: .COM file growth; system warm reboots; message Origin: Canada Eff Length: 1,024 Bytes Type Code: PNCK - Non-Resident Parasitic .COM Infector Detection Method: ViruScan, Sweep, F-Prot, AVTK, NAV, IBMAV, NAVDX, VAlert, PCScan, ChAV, NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N Removal Instructions: Delete infected files General Comments: The Sicilian Mob virus was received in December, 1991. It is originally from Canada. This virus is a non-resident, direct action, infector of .COM files, including COMMAND.COM. It is based on the Vienna virus. When a program infected with the Sicilian Mob virus is executed, the virus will look for an uninfected .COM program to infect. The current directory is searched first, and then the system path. If no system path has been set, the virus will search the current drive's directory structure. Once an uninfected .COM file has been located, the virus will infect it. Programs infected with the Sicilian Mob virus will have a file length increase of 1,024 bytes. The virus will be located at the end of the infected file. The file's date and time in the DOS disk directory listing will not have been altered. Starting in 1992, the virus will display the following message each time an infected program is executed: "Sicilian Mob Ia - Virus [NUKE]'91 - Rock MP" This text string is visible in all infected files, as are the following additional text strings: "Copyright (C) 1991 by [NUKE] InterNat'nl Software Development" "Completed September 1991, Montreal, Canada" "--> [NUKE] H/A/P/V/T at its Best <--" "*.COM" "????????COM" Each time a program infected with the Sicilian Mob virus is executed, there is a one in seven chance of the virus performing a warm system reboot. See: Parasite Vienna VHP