Skid Row Virus


 Virus Name:  Skid Row 
 Aliases:     Skid Row.418 
 V Status:    New 
 Discovered:  January, 1995 
 Symptoms:    .EXE files altered 
 Origin:      Unknown 
 Eff Length:  418 Bytes 
 Type Code:   PRE - Overwriting Resident .EXE Infector 
 Detection Method:  F-Prot, AVTK, IBMAV, ViruScan, Sweep, NAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    AVTK/N, IBMAV/N, NShld, Sweep/N, LProt, Innoc, NAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Skid Row virus was received in January, 1995.  Its origin or 
       point of isolation is unknown.  Skid Row is a memory resident 
       infector of .EXE programs.  It is a fast infecting stealth virus, 
       quickly spreading on infected systems. 
 
       When the first Skid Row infected program is executed, this 
       virus will install itself memory resident, tunnelling the interrupts 
       it uses.  Memory mapping utilities will not show any interrupts to 
       be assigned to the virus in memory.  Total system and available free 
       memory, as indicated by the DOS CHKDSK program, will not be altered. 
 
       Once the Skid Row virus is memory resident, it will infect .EXE 
       programs when they are executed or opened for any reason.  Infected 
       programs will have 418 of the first 512 bytes in the file overwritten 
       with the viral code.  The program's date and time in the DOS disk 
       directory listing will not be altered.  No text strings are visible 
       within the viral code in infected programs.   The Skid Row virus 
       is a full stealth virus, and the virus will disinfect infected 
       programs when they are read into memory. 
 
       It is unknown if Skid Row does anything besides replicate. 
 
       Known variant(s) of Skid Row are: 
       Skid Row.415: Also received in January, 1995, Skid Row.415 is 
             a 415 byte variant of the Skid Row virus described above.  It 
             becomes memory resident in available system memory, hooking 
             interrupt 13.  Infected programs will have the 415 of the 
             first 512 bytes of the host file overwritten by the viral code. 
             Origin:  Unknown  January, 1995. 
       Skid Row.432: Also received in January, 1995, Skid Row.432 is 
             a 432 byte variant of the Skid Row virus described above. 
             Frequent system hangs occur on infected systems. 
             Origin:  Unknown  January, 1995.

Show viruses from discovered during that infect .

Main Page