Slava Virus


 Virus Name:  Slava 
 Aliases:     Slava.492 
 V Status:    New 
 Discovered:  July, 1995 
 Symptoms:    .COM file growth; decrease in available free memory 
 Origin:      Unknown 
 Eff Length:  492 - 501 Bytes 
 Type Code:   PRhC - Parasitic Resident .COM Infector 
 Detection Method: F-Prot, AVTK, VAlert, Sweep, NAV, NAVDX, IBMAV, 
                   ViruScan, PCScan, ChAV, 
                   Sweep/N, NAV/N, IBMAV/N, NShld, AVTK/N, Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Slava or Slava.492 virus was received in July, 1995.  Its origin 
       or point of isolation is unknown.  Slava is a memory resident 
       infector of .COM files, but not COMMAND.COM. 
 
       When the first Slava infected program is executed, this virus will 
       become memory resident at the top of system memory but below the 
       640K DOS boundary, not moving interrupt 12's return.  Available 
       free memory, as indicated by the DOS CHKDSK program from DOS 5.0, 
       will have decreased by 2,096 bytes.  Interrupt 21 will be hooked 
       by the virus in memory. 
 
       Once the Slava virus is memory resident, it will infect .COM files, 
       but not COMMAND.COM, when they are executed.  Infected .COM files 
       will have a file length increase of 492 to 501 bytes with the virus 
       being located at the end of the file.  The program's date and time 
       in the DOS disk directory listing will not be altered.  The 
       following text string is visible within the viral code in all 
       infected programs: 
 
           "command" 
 
       It is unknown what the Slava virus may do besides replicate.

Show viruses from discovered during that infect .

Main Page