SillyOR Virus
Virus Name: SillyOR
Aliases: SillyOR.76
V Status: Rare
Discovered: July, 1994
Symptoms: .COM & .EXE files overwritten; program corruption; file date/time changes
Origin: Unknown
Eff Length: 76 Bytes Overwriting
Type Code: ORsAK - Overwriting Resident .COM & .EXE Infector
Detection Method: F-Prot, AVTK, IBMAV, ViruScan, Sweep, NAVDX, VAlert, NAV, PCScan, AVTK/N, Sweep/N, NProt, IBMAV/N, NShld, NAV/N
Removal Instructions: Delete infected files
General Comments:
The SillyOR or SillyOR.76 virus was received in July, 1994, along
with four variants of this virus. Their origin or point of isolation
is unknown. SillyOR is a memory resident overwriting virus which
infects .COM and .EXE programs, including COMMAND.COM.

When the first SillyOR infected program is executed, the virus will
install itself memory resident as a 400 byte TSR in low system
memory. Interrupts 21 and 32 will be hooked by the virus in memory.

Once the SillyOR virus is memory resident, it will infect .COM and
.EXE programs when they are copied. Infected programs will have the
first 76 bytes overwritten with the SillyOR viral code. The file's
date and time in the DOS disk directory listing will have been
updated to the system date and time at which infection occurred.
No text strings are visible within the viral code in infected files.

Programs infected with the SillyOR virus will fail to function
properly because the beginning of the program has been overwritten.
Other programs which have not been infected by the virus may display
garbage characters when they are executed while the virus is memory
resident.

Known variant(s) of SillyOR are:

SillyOR.88: Received in July, 1994, SillyOR.88 is an 88 byte
variant of the SillyOR virus described above. It becomes
memory resident in a "hole" in allocated system memory, hooking
interrupt 21. As a result, there will be no change to total
system or available free memory as indicated by the DOS CHKDSK
program. Once resident, SillyOR.88 infects .COM and .EXE files
when they are copied. Infected programs will have the first 88
characters of the file overwritten by the virus, thus permanently
corrupting the program. The file's date and time in the DOS
disk directory listing will have been updated to the system date
and time at which infection occurred. No text strings are visible
within the viral code.
Origin: Unknown, July, 1994.

SillyOR.94: Received in July, 1994, SillyOR.94 is very similar
to SillyOR.88. It overwrites the first 94 bytes of the files
which it infects.
Origin: Unknown, July, 1994.

SillyOR.97: Received in July, 1994, SillyOR.97 is very similar
to SillyOR.88. It overwrites the first 97 bytes of the files
which it infects.
Origin: Unknown, July, 1994.

SillyOR.101: Received in July, 1994, SillyOR.101 becomes memory
resident in a "hole" in allocated memory, similar to SillyOR.88,
hooking interrupt 21. It infects .COM and .EXE files, including
COMMAND.COM, when they are executed. It does not infect files
when they are copied. Programs infected with the SillyOR.101
virus will have the first 101 bytes overwritten by the viral
code. The program's date and time in the DOS disk directory
listing will have been updated to the system date and time at
which infection occurred. No text strings are visible within
the viral code.
Origin: Unknown, July, 1994.
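
Because every variant overwrites a fixed-length prefix, a damaged program can be triaged by comparing it with a known-good backup copy. The following is an added example, not part of the original entry: the overwrite lengths come from the descriptions above, while the function names, the assumption that the file size is unchanged, and the sample bytes are constructed for illustration.

```python
# Added example, not from the original entry. Overwrite lengths are taken from
# the entry; the "file size unchanged" rule and the sample bytes are assumptions.
VARIANT_LENGTHS = {
    "SillyOR.76": 76, "SillyOR.88": 88, "SillyOR.94": 94,
    "SillyOR.97": 97, "SillyOR.101": 101,
}

def damaged_extent(clean: bytes, suspect: bytes) -> int:
    """Offset just past the last byte that differs (0 if the copies match)."""
    for i in range(min(len(clean), len(suspect)) - 1, -1, -1):
        if clean[i] != suspect[i]:
            return i + 1
    return 0

def triage(clean: bytes, suspect: bytes) -> dict:
    """Compare a suspect program with its known-good copy."""
    report = {"modified": clean != suspect, "extent": 0, "candidates": []}
    if len(clean) != len(suspect):
        return report  # size changed: not an in-place prefix overwrite
    extent = damaged_extent(clean, suspect)
    report["extent"] = extent
    if extent:
        # A variant fits only if its overwrite length covers all the damage.
        fits = [(n, name) for name, n in VARIANT_LENGTHS.items() if n >= extent]
        report["candidates"] = [name for n, name in sorted(fits)]
    return report

# Constructed sample data: a 300-byte stand-in "program" and a copy whose
# first 88 bytes were replaced with filler (no real viral code is used).
CLEAN = bytes((i * 7 + 3) % 251 for i in range(300))
SUSPECT = b"\xcc" * 88 + CLEAN[88:]

if __name__ == "__main__":
    print(triage(CLEAN, SUSPECT))
```

The extent is a lower bound on the overwrite length, since the last overwritten bytes can coincide with the original ones; the first candidate is the tightest fit. An empty candidate list with a nonzero extent means the damage reaches past 101 bytes and does not match any length listed here.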