Sluknov Virus


 Virus Name:  Sluknov 
 Aliases:    
 V Status:    Rare 
 Discovered:  September, 1993 
 Symptoms:    .COM file growth; 
              decrease in total system & available free memory 
 Origin:      Unknown 
 Eff Length:  867 - 875 Bytes 
 Type Code:   PRhCK - Resident Parasitic .COM Infector 
 Detection Method:  ViruScan, F-Prot, Sweep, NAV, ChAV, 
                    AVTK, NAVDX, VAlert, IBMAV, PCScan, 
                    NShld, Sweep/N, NAV/N, IBMAV/N, AVTK/N, Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Sluknov virus was submitted in September, 1993.  Its origin or 
       point of isolation is unknown.  Sluknov is a memory resident infector 
       of .COM programs, including COMMAND.COM. 
 
       When the first Sluknov infected program is executed, the Sluknov 
       virus will install itself memory resident at the top of system 
       memory but below the 640K DOS boundary, not moving interrupt 12's 
       return.  Total system and available free memory, as indicated by the 
       DOS CHKDSK program, will have decreased by 1,728 bytes.  Interrupt 
       21 will be hooked by the virus in memory. 
 
       Once memory resident, the Sluknov virus will infect .COM programs 
       when they are executed.  Infected programs will have a file length 
       increase of 867 to 875 bytes with the virus being located at the 
       end of the file.  The program's date and time in the DOS disk 
       directory listing will not be altered.  No text strings are visible 
       within the viral code. 
 
       It is unknown what Sluknov does besides replicate.

Show viruses from discovered during that infect .

Main Page