Sol Virus

Virus Name: Sol Aliases: Sol.545 V Status: New Discovered: January,1996 Symptoms: .COM file growth; file date/time seconds = "60" or "62"; decrease in available free memory; boot failures Origin: Unknown Eff Length: 545 Bytes Type Code: PRhCK - Parasitic Resident .COM Infector Detection Method: IBMAV, ViruScan, AVTK, NAV, NAVDX, F-Prot, ChAV, IBMAV/N, NShld, AVTK/N, NAV/N, Innoc Removal Instructions: Delete infected files General Comments: The Sol or Sol.545 virus was received in January, 1996, along with one variant, Sol.557. Sol is a memory resident infector of .COM files, including COMMAND.COM. When the first Sol infected program is executed, this virus will install itself memory resident at the top of system memory but below the 640K DOS boundary, not moving interrupt 12's return. Available free memory, as indicated by the DOS CHKDSK program from DOS 5.0, will have decreased by 1,040 bytes. Interrupts 21, 24, and 27 will be hooked by the virus in memory. Once the Sol virus is memory resident, it will infect .COM files when they are executed. Infected programs will have a file length increase of 545 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will not appear to be altered, though the seconds field will have been set to "60" or "62". No text strings are visible within the viral code. Systems infected with the Sol virus will fail to boot once the boot copy of COMMAND.COM becomes infected. Known variant(s) of Sol are: Sol.557: Also received in January, 1996, this is a 557 byte variant of the Sol virus described above. It adds 557 bytes to the .COM files it infects, including COMMAND.COM. The virus will be located at the end of the file, and the seconds field in the file's date and time in the DOS disk directory listing will have been set to "60" or "62". Origin: Unknown January, 1996.