Sylwia Virus


 Virus Name:  Sylwia 
 Aliases: 
 V Status:    New 
 Discovered:  January, 1995 
 Symptoms:    .COM file growth; unexpected system reboots; 
              decrease in available free memory (DOS 5.0) 
 Origin:      Unknown 
 Eff Length:  734 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method:  F-Prot, AVTK, IBMAV, Sweep, ViruScan, NAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    AVTK/N, IBMAV/N, Sweep/N, NProt, NShld, NAV/N, LProt, 
                    Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Sylwia virus was received in January, 1995.  Its origin or 
       point of isolation is unkown.  Sylwia is a memory resident infector 
       of .COM files, including COMMAND.COM.  Unexpected system reboots 
       may occur when infected programs are executed. 
 
       When the first Sylwia infected program is executed, this virus will 
       install itself memory resident at the top of system memory but below 
       the 640K DOS boundary, not moving interrupt 12's return.  Available 
       free memory, as indicated by the DOS 5.0 CHKDSK program, will have 
       decreased by approximated 1,008 bytes.  Interrupt 21 will be hooked 
       by the virus in memory. 
 
       Once the Sylwia virus is memory resident, it will infect .COM 
       programs when they are executed.  Infected .COM programs will have 
       a file length increase of 734 bytes with the virus being located at 
       the end of the file.  The program's date and time in the DOS disk 
       directory listing will not be altered.  The following text string 
       is visible within the viral code in all Sylwia infected programs: 
 
               "SYLWIA"

Show viruses from discovered during that infect .

Main Page