Silly-365 Virus
Virus Name: Silly-365
Aliases: Pixel, Pixel 877
V Status: Rare
Discovered: May, 1991
Symptoms: .COM file growth; slow to very slow program loads; file date/time changes
Origin: Europe
Eff Length: 877+ Bytes
Type Code: PNCK - Parasitic Non-Resident .COM Infector
Detection Method: ViruScan, F-Prot, Sweep, AVTK, NAV, IBMAV, PCScan, NAVDX, VAlert,
ChAV, NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N
Removal Instructions: Delete infected files
General Comments:
The Silly-365 virus was received from Europe in May, 1991. It is a
very buggy variant of the Silly virus. Like Silly, it is a non-
resident direct action infector of .COM programs, including
COMMAND.COM. It is being listed separately as its behavior and
symptoms of infection are considerably different.
When a program infected with Silly-365 is executed, the virus will
search the current directory of the current drive and infect all .COM
programs found. If the .COM programs in the current directory were
previously infected by Silly-365, they will be reinfected. Programs
infected with Silly-365 will have their date and time in the disk
directory updated to the current system date and time with each
infection and reinfection.
The bugs in Silly-365 have to do with the reinfections of programs.
With the first infection of a program by Silly-365, the infected
program will increase in size by 877 bytes. On the first
reinfection, the program will increase in size by an additional
877 bytes. The second reinfection will result in a file length
increase of 1,754 bytes. The third reinfection adds 3,508 bytes.
The pattern is that starting with the second reinfection, the
file increase is equal to two times the previous length increase.
Needless to say, even when starting with a very small 42 byte .COM
program, by the eighth infection, the program is too large to be
executed.
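
The growth pattern above can be turned into a file-size check. The following is an added example, not part of the original entry: it assumes a known-clean size is on record for each .COM file and uses 65,280 bytes (one 64 KiB segment minus the 256-byte PSP) as an approximate upper bound for a loadable .COM program. Function names are illustrative.

```python
# Added example: size arithmetic for the Silly-365 reinfection pattern.
INFECTION_GROWTH = 877         # bytes added by the first infection (from the entry)
COM_LOAD_LIMIT = 65536 - 256   # assumption: approximate .COM size limit (64 KiB - PSP)


def size_after(clean_size, infections):
    """File size after `infections` passes of the virus (0 = clean).

    The increases are 877, 877, 1754, 3508, ...; from the second
    reinfection on each increase doubles the previous one, so the total
    growth after n infections is 877 * 2**(n - 1).
    """
    if infections < 0:
        raise ValueError("infections must be >= 0")
    if infections == 0:
        return clean_size
    return clean_size + INFECTION_GROWTH * 2 ** (infections - 1)


def infections_from_growth(clean_size, observed_size):
    """Infection count whose size matches exactly, or None if no match."""
    growth = observed_size - clean_size
    if growth == 0:
        return 0
    if growth < 0 or growth % INFECTION_GROWTH:
        return None
    factor = growth // INFECTION_GROWTH
    if factor & (factor - 1):      # total growth must be 877 * a power of two
        return None
    return factor.bit_length()     # factor 2**(n - 1) -> n infections


def first_unloadable(clean_size):
    """First infection count at which the file exceeds the .COM limit."""
    n = 0
    while size_after(clean_size, n) <= COM_LOAD_LIMIT:
        n += 1
    return n


if __name__ == "__main__":
    clean = 42                     # the 42-byte program used in the entry
    for n in range(9):
        size = size_after(clean, n)
        state = "loadable" if size <= COM_LOAD_LIMIT else "too large"
        print(f"infection {n}: {size:>7} bytes  {state}")
```

For the 42-byte program the seventh infection still fits under the limit and the eighth does not, which agrees with the entry.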
The other problem with Silly-365 is that it is very noticeable. As
the infection proceeds, the system takes longer and longer to
execute any .COM program. By the seventh reinfection on one
of my test systems, the system was literally working on reinfecting
two .COM programs for 20 minutes.
The Silly-365 virus was intended to display the following message
when an 8th generation infection is executed:
"Sector not found error fucking defoult drive!
Please by me a new disk drive!"
This message, in actual 8th generation infections, is not displayed
as the 8th generation infected file is too large to be executed
as a .COM program.
Silly-365 received its name from its base code, which is 365 bytes in
length. The Silly virus does not do anything besides replicate.
Known variant(s) of Silly-365 are:
Silly-740: Similar to Silly-365, this variant is actually 370
bytes in length. Like Silly-365, it reinfects files
multiple times, so infected files will increase in
size by some multiple of 370 or 740 bytes.
Origin: Unknown January, 1992.
See: Amstrad Hell Pixel Silly