Suriv 2.01 Virus

Virus Name: Suriv 2.01 Aliases: April 1st-B, Israeli, Suriv02, Suriv A V Status: Extinct Discovered: 1987 Symptoms: TSR; .EXE growth; messages; system lock on April 1st Origin: Israel Eff Length: 1,488 bytes Type Code: PRsE - Parasitic Resident .EXE Infector Detection Method: ViruScan, F-Prot, AVTK, NAV, Sweep, IBMAV, NAVDX, VAlert, PCScan, ChAV, NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N Removal Instructions: F-Prot, or delete infected files General Comments: The Suriv 2.01 virus is a memory resident .EXE infector. It will activate on April 1st after memory is infected by running an infected file, displaying the same message as Suriv 1.01 and locking up the system. The virus will cause a similar lockup, though no message, 1 hour after an infected .EXE file is executed on any day on which the system default date of 01-01-80 is used. The virus will only infect the file once. Known variant(s) of Suriv 2.01 are: Suriv 2.01B: Received from France in April, 1994, this variant's based on the original Suriv 2.01 virus. When the first infected program is executed, it will install a 1,808 byte TSR, hooking interrupt 21. Once resident, it infects .EXE programs when they are executed. Infected programs will have a file length increase of 1,488 bytes with the virus being located at the beginning of the infected program. The file's date and time in the DOS disk directory listing will not be altered. The following text strings can be found within the viral code in all infected programs: "sURIV 2.01M" "EXE" "TMP$$TMP.EXE" Other text strings from memory may be found within the viral code, though they will not be consistent in all infected programs. Origin: France April, 1994.