Sleepwalker Virus


 Virus Name:  Sleepwalker 
 Aliases:    
 V Status:    Rare 
 Discovered:  September, 1993 
 Symptoms:    .COM file growth; decrease in total system & available free 
              memory; file time changed to 10:47a     
 Origin:      Australia 
 Eff Length:  1,268 - 1,282 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method:  AVTK, F-Prot, IBMAV, Sweep, ViruScan, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    AVTK/N, Sweep/N, NShld, NProt, IBMAV/N, Innoc, NAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Sleepwalker virus was submitted in September, 1993, and is from 
       Australia.  Sleepwalker is a memory resident virus which infects 
       .COM programs, including COMMAND.COM. 
 
       When the first Sleepwalker infected program is executed, this virus 
       will install itself memory resident at the top of system memory but 
       below the 640K DOS boundary, hooking interrupts 1C and 21.  Total 
       system and available free memory, as indicated by the DOS CHKDSK 
       program, will have decreased by 1,552 bytes.  Interrupt 12's return 
       will not have been moved. 
 
       Once the Sleepwalker virus is memory resident, it will infect .COM 
       programs, including COMMAND.COM, when they are executed or opened. 
       Infected programs will have a file length increase of 1,268 to 1,282 
       bytes with the virus being located at the end of the file.  The 
       file's date in the DOS disk directory listing will not be altered, 
       but the file time will have been altered to "10:47a".  The following 
       text strings are visible within the Slime viral code: 
 
               "STAC" 
               "Sleepwalker. (c) OPTUS 1993." 
 
       It is unknown what Sleepwalker does besides replicate. 
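
The symptoms listed in this entry can be turned into a simple triage check for a mounted copy of a suspect DOS disk. The following Python sketch is an added example, not part of the original entry or of any scanner listed above; the function names and labels are hypothetical. It assumes the text strings sit in the appended viral code at the end of the file and that file times are preserved in local time. A 10:47 time or the "STAC" string alone is only a weak hint.

```python
import os
import sys
import time
from pathlib import Path

# Indicators taken from the entry above.
STRONG_MARKER = b"Sleepwalker. (c) OPTUS 1993."
WEAK_MARKER = b"STAC"
MIN_GROWTH = 1268          # lower bound of the reported length increase
MAX_GROWTH = 1282          # upper bound of the reported length increase
STAMP = (10, 47)           # file time reported as "10:47a"


def check_com(path):
    """Return the list of entry indicators that one file matches."""
    path = Path(path)
    size = path.stat().st_size
    hits = []
    if size > MIN_GROWTH:  # an infected host must be larger than the virus
        with path.open("rb") as fh:
            fh.seek(max(0, size - MAX_GROWTH))   # virus sits at end of file
            tail = fh.read()
        if STRONG_MARKER in tail:
            hits.append("marker-string")
        if WEAK_MARKER in tail:
            hits.append("stac-string")
    mtime = time.localtime(path.stat().st_mtime)
    if (mtime.tm_hour, mtime.tm_min) == STAMP:
        hits.append("time-10:47")
    return hits


def scan(root):
    """Walk root and report .COM files matching at least one indicator."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".com"):
                full = os.path.join(dirpath, name)
                hits = check_com(full)
                if hits:
                    report[full] = hits
    return report


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in sorted(scan(root).items()):
        verdict = "LIKELY" if "marker-string" in hits else "review"
        print(f"{verdict:7} {path}: {', '.join(hits)}")
```

Run it with the mount point of the disk copy as the only argument; files reported as "review" matched only the weak indicators and need a proper scanner to confirm.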
