Sundevil Virus


 Virus Name:  Sundevil 
 Aliases:    
 V Status:    New 
 Discovered:  June, 1993 
 Symptoms:    .COM file growth; beeping and message displayed; system hangs 
 Origin:      Canada 
 Eff Length:  691 Bytes 
 Type Code:   PRfCK - Parasitic Resident .COM Infector 
 Detection Method:  ViruScan, F-Prot, AVTK, IBMAV, Sweep, NAVDX, 
                    NAV, VAlert, PCScan, ChAV, 
                    NShld, AVTK/N, Sweep/N, NProt, IBMAV/N, Innoc, NAV/N, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Sundevil virus was submitted in June, 1993.  Its origin or 
       point of isolation is unknown.  Sundevil is a memory resident 
       infector of .COM programs, including COMMAND.COM. 
 
       When the first Sundevil infected program is executed, the Sundevil 
       virus will install itself in available free memory at 9000:0000, 
       hooking interrupt 21.  Total system and available free memory, as 
       indicated by the DOS CHKDSK program, will not be altered. 
 
       Once the Sundevil virus is memory resident, it will infect .COM 
       programs when they are executed or opened for any reason.  Infected 
       programs will have a file length increase of 691 bytes with the 
       virus being located at the end of the file.  The program's date and 
       time in the DOS disk directory listing will not be altered.  The 
       following text strings are visible within the Sundevil viral code 
       in all infected programs: 
 
               "There is no America." 
               "There is no Democracy." 
               "There is only IBM, ITT, and AT&T." 
               "This virus is dedicated to all that have been busted" 
               "for computer hacking activities." 
               "The SunDevil Virus (C) 1993 by Crypt Keeper" 
               "[Sundevil]" 
               "TCOM" 
 
       The above text is occasionally displayed by the virus as a 
       message on the system display, accompanied by beeping.  System 
       hangs may also occur on infected systems. 
 
       Known variant(s) of Sundevil are: 
       Sundevil.762: Received in January, 1995, Sundevil.762 is a 762 
               byte variant of the Sundevil virus described above.  It 
               adds 762 bytes to the .COM programs it infects.  The virus 
               will be located at the end of the file.  The following 
               text strings are visible within the viral code in all 
               infected programs: 
               "COM" 
               "There is no America." 
               "There is no Democracy." 
               "There is only IBM, ITT, and AT&T." 
               "Sundevil ][ by Crypt Keeper [RoT] -Reign of Terror-" 
               "[SUNDEVIL 2]" 
               "Insert disk with COMMAND.COM in drive A: and press any key." 
               Origin:  Unknown  January, 1995. 
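
The description above gives two file-level indicators: a fixed block appended to the end of .COM files (691 or 762 bytes) and text strings visible inside it. The following triage check is an added example, not part of the original entry and not the signature used by any product listed above; it assumes the strings are stored as plain ASCII exactly as quoted, and its sample files are constructed stand-ins rather than viral code.

```python
import os

# (variant, bytes appended per the description, strings that must all be in the tail)
VARIANTS = [
    ("Sundevil", 691, [b"The SunDevil Virus (C) 1993 by Crypt Keeper", b"[Sundevil]"]),
    ("Sundevil.762", 762, [b"Sundevil ][ by Crypt Keeper [RoT] -Reign of Terror-",
                           b"[SUNDEVIL 2]"]),
]

def classify_tail(data):
    """Return the variant whose marker strings all sit in the last N bytes, else None."""
    for name, length, markers in VARIANTS:
        if len(data) < length:
            continue  # file is shorter than the appended code could be
        tail = data[-length:]
        if all(m in tail for m in markers):
            return name
    return None

def scan_tree(root):
    """Map path -> variant for every .COM file under root whose tail matches."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.upper().endswith(".COM"):
                path = os.path.join(dirpath, fname)
                with open(path, "rb") as fh:  # .COM programs are under 64 KB
                    variant = classify_tail(fh.read())
                if variant:
                    hits[path] = variant
    return hits

def constructed_sample(length, markers, host=b"\x90" * 100):
    """Constructed stand-in, not viral code: host bytes plus a padded tail with the markers."""
    body = b" ".join(markers)
    return host + body + b"\x00" * (length - len(body))

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "A.COM": constructed_sample(691, VARIANTS[0][2]),
            "B.COM": constructed_sample(762, VARIANTS[1][2]),
            "CLEAN.COM": b"\x90" * 2000,
            # strings quoted near the start of a file fall outside the tail window
            "NOTES.COM": b" ".join(VARIANTS[0][2]) + b"\x90" * 2000,
        }
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        for path, variant in sorted(scan_tree(d).items()):
            print(os.path.basename(path), variant)
```

Restricting the match to the final 691 or 762 bytes keeps files that merely quote the strings elsewhere from being flagged; a hit is a lead for a full scanner, not a confirmation.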
