Squisher Virus
Virus Name: Squisher
Aliases: Tiny Hunter
V Status: Rare
Discovered: August, 1992
Symptoms: .COM files overwritten
Origin: USSR
Eff Length: 340 Bytes
Type Code: ORfCK - Overwriting Resident .COM Infector
Detection Method: ViruScan, Sweep, AVTK, IBMAV, F-Prot, NAV, NAVDX, VAlert,
                  PCScan, ChAV, NShld, Sweep/N, Innoc, NProt, AVTK/N, NAV/N,
                  IBMAV/N, LProt
Removal Instructions: Delete infected files
General Comments:
The Squisher, or Tiny Hunter, virus was received in August, 1992. It
is originally from the USSR. Squisher is a memory-resident
overwriting virus which infects .COM programs, including COMMAND.COM.
Unlike programs infected by many overwriting viruses, programs
infected with the Squisher virus will function properly. This virus
uses some stealth techniques to avoid detection, similar to the
ZeroHunt virus.

When the first Squisher-infected program is executed, the
Squisher virus will install itself memory resident in a hole in
low system memory, hooking interrupt 21. Total system and available
free memory, as indicated by the DOS CHKDSK program, will not be
altered.

Once the Squisher virus is memory resident, it will infect .COM
programs that contain at least 340 bytes of hex '00' characters when
those programs are executed. Infected programs will have the virus
inserted where the hex '00' characters were originally located. In
the case of a program with more than 340 bytes of hex '00' characters,
it may become infected multiple times. Infected programs will
have no file length increase, and the file's date and time in the
DOS disk directory listing will not be altered. No text strings
are visible in the viral code.

Squisher doesn't appear to do anything besides replicate.
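
Because the entry states that file length and the directory date and time are unchanged, a size-and-timestamp comparison will not flag an affected file, while a content hash will. The following is an added example, not part of the original entry: it takes a baseline of a constructed sample file, alters it in place and compares the two snapshots. The file name SAMPLE.COM, the helper names and the 0xAA filler bytes are constructed for illustration; only the 340-byte threshold comes from the entry.

```python
import hashlib
import os
import tempfile

CAVITY_LEN = 340  # effective length given in the entry

def zero_runs(data, min_len=CAVITY_LEN):
    """Return (offset, length) for every run of 0x00 bytes >= min_len."""
    runs, start = [], None
    for i, b in enumerate(data + b"\x01"):  # sentinel closes a trailing run
        if b == 0:
            if start is None:
                start = i
        elif start is not None:
            if i - start >= min_len:
                runs.append((start, i - start))
            start = None
    return runs

def snapshot(path):
    """Record what a directory listing shows plus a content hash."""
    st = os.stat(path)
    with open(path, "rb") as f:
        data = f.read()
    return {"size": st.st_size, "mtime": st.st_mtime_ns,
            "sha256": hashlib.sha256(data).hexdigest(),
            "zero_runs": zero_runs(data)}

def changed_fields(before, after):
    """Names of the integrity attributes that differ between snapshots."""
    return [k for k in ("size", "mtime", "sha256") if before[k] != after[k]]

def demo():
    """Constructed sample: fill part of a zero run in place, restore mtime."""
    original = b"\x90" * 100 + b"\x00" * 700 + b"\xc3"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "SAMPLE.COM")  # constructed file name
        with open(path, "wb") as f:
            f.write(original)
        before, st = snapshot(path), os.stat(path)
        # 0xAA is inert filler standing in for the overwritten region.
        altered = original[:100] + b"\xaa" * CAVITY_LEN + original[100 + CAVITY_LEN:]
        with open(path, "wb") as f:
            f.write(altered)
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))
        after = snapshot(path)
    return before, after, changed_fields(before, after)

if __name__ == "__main__":
    before, after, diff = demo()
    print("changed:", diff, "| remaining zero runs:", after["zero_runs"])
```

In the constructed sample a 360-byte zero run remains after the change, which is the condition under which the entry says a file may be infected more than once.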