Arara Virus


 Virus Name:  Arara 
 Aliases:     Arara.1057 
 V Status:    New 
 Discovery:   July, 1994 
 Symptoms:    .COM file growth 
 Origin:      Unknown 
 Eff Length:  1,057 - 1,062 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  F-Prot, AVTK, Sweep, IBMAV, NAV, NAVDX, VAlert, 
                    PCScan, ViruScan, ChAV, 
                    AVTK/N, Sweep/N, IBMAV/N, NShld, NAV/N, NProt, LProt, 
                    Innoc 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Arara or Arara.1057 virus was received in July, 1994.  Its origin 
       or point of isolation is unknown.  Arara is a non-resident, direct 
       action infector of .COM programs, including COMMAND.COM. 
 
       When a program infected with the Arara virus is executed, this virus 
       will infect one .COM program located in the current directory. 
       Infected programs will have a file length increase of 1,057 to 1,062 
       bytes with the virus being located at the end of the file.  The 
       program's date and time in the DOS disk directory listing will not be 
       altered.  The following text strings are encrypted within the viral 
       code: 
 
               "[ARARA]" 
               "*.COM" 
               "ILASA MICALAZODA OLAPIRETA IALPEREJI BELIORE: 
                DAS ODO BUSADIRE OIAD OUOARESA" 
               "CAOSAGO: CASAREMEJI LAIADA ERANU BERINUTASA CAFAFAME DAS 
                IVEMEDA AQOSO ADOHO" 
               "MOZ, OD MAOFASA. BOLAPE COMO BELIORETA PAMEBETA. 
                ZODACARE OD ZODAMERANU! ODO" 
               "CICALE QAA. ZODOREJE, LAPE ZODIREDO NOCO MADA, 
                HOATHAHE SAITAN!" 
 
       It is unknown what Arara may do besides replicate.

Show viruses from discovered during that infect .

Main Page