Suriv 1.01 Virus

Virus Name: Suriv 1.01 Aliases: April 1st, Israeli, Suriv01, Suriv A, Suriv I V Status: Extinct Discovered: April, 1987 Symptoms: TSR; .COM growth; messages; system lock on April 1st Origin: Israel Eff Length: 897 bytes Type Code: PRsC - Parasitic Resident .COM Infector Detection Method: ViruScan, F-Prot, AVTK, NAV, Sweep, IBMAV, NAVDX, VAlert, PCScan, ChAV, NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N Removal Instructions: F-Prot, or delete infected files General Comments: The Suriv 1.01 virus is a memory resident .COM infector. It will activate on April 1st after memory is infected by running an infected file and then a uninfected .COM file is executed. On activation, it will display the message: "APRIL 1ST HA HA HA YOU HAVE A VIRUS". The system will then lock up, requiring it to be powered off and then back on. The text "sURIV 1.01" can be found in the viral code. Known variants of Suriv 1.01 are: Suriv I.1756: Received in January, 1995, Suriv I.1756 is a non-resident, direct action infector of .COM files, but not COMMAND.COM. It infects one .COM file of at least 1,756 bytes located in the current directory when an infected program is executed. This variant overwrites the beginning of the host program with its viral code. The file's date and time in the DOS disk directory listing will not be altered. The following text strings can be found within the viral code in all Suriv I.1756 infected files: "COMMAND.COM*.cOm CLEAN.COM" "cOcK!sUcKrI" "COMMAND.COM" ".COM ENGLISH SUCKERS DIE IN BUENOS AIRES!" "MADE IN ARGENTINA91" "ARG10" Origin: Unknown January 1995. See: Suriv 4.02