Steryd Virus


 Virus Name:  Steryd 
 Aliases:     Steryd.399 
 V Status:    New 
 Discovered:  February, 1995 
 Symptoms:    .COM file growth 
 Origin:      Unknown 
 Eff Length:  399 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  F-Prot, AVTK, IBMAV, Sweep, NAV, VAlert, 
                    ViruScan, NAVDX, PCScan, ChAV, 
                    NProt, IBMAV/N, AVTK/N, Sweep/N, NAV/N, NShld, Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Steryd virus was received in February, 1995.  Its origin or 
       point of isolation is unknown.  Steryd is a non-resident, direct 
       action infector of .COM files, including COMMAND.COM.  It does not 
       infect .COM files smaller than approximately 400 bytes. 
 
       When a program infected with the Steryd virus is executed, this 
       virus will infect all of the .COM files in the current directory. 
       Infected files will have a file length increase of 399 bytes with 
       the virus being located at the beginning of the file.  The program's 
       date and time in the DOS dik directory listing will not be altered. 
       The following text string is visible within the viral code in all 
       infected programs: 
 
               "Xftpmzdi!Txjbu!j!T{d{ftmjxfhp!Opxfhp!Splv![zd{y!" 
               "TUFSZE" 
 
       The name of the virus is the second text string above with each 
       character one value less than the coded string, "STERYD".  This 
       same procedure applied to the first text string results in the 
       following: 
 
               "Wesolych Swiat i Szczesliwego Nowego Roku zyczy"

Show viruses from discovered during that infect .

Main Page