SillyCER Virus
Virus Name: SillyCER
Aliases: SillyCER.307
V Status: New
Discovered: July, 1995
Symptoms: .COM & .EXE growth
Origin: Unknown
Eff Length: 307 - 321 Bytes
Type Code: PRaAK - Parasitic Resident .COM & .EXE Infector
Detection Method: F-Prot, AVTK, VAlert, Sweep, NAV, NAVDX, IBMAV,
ViruScan, PCScan, ChAV,
Sweep/N, NAV/N, IBMAV/N, AVTK/N, NShld, NProt, Innoc 4.0+
Removal Instructions: Delete infected files
General Comments:
The SillyCER or SillyCER.307 virus was received in July, 1995. Its
origin or point of isolation is unknown. SillyCER is a memory
resident infector of .COM and .EXE programs, including COMMAND.COM.
It doesn't do anything besides replicate.
When the first SillyCER infected program is executed, this virus will
install itself memory resident in a hole in allocated system memory,
hooking interrupt 21. Total system and available free memory, as
indicated by the DOS CHKDSK program, will not be altered.
Once the SillyCER virus is memory resident, it will infect .COM
and .EXE programs when they are executed. Infected .COM programs
will have a file length increase of 307 bytes, while infected .EXE
programs will have increased in size by 307 to 321 bytes. In both
cases, the virus will be located at the end of the file. The
program's date and time in the DOS disk directory listing will not
be altered. No text strings are visible within the viral code.