Tack Virus


 Virus Name:  Tack 
 Aliases:     4-A 
 V Status:    Rare 
 Discovered:  May, 1992 
 Symptoms:    .COM file growth; file date/time changes; characters from 
              memory displayed on screen; system hangs 
 Origin:      Unknown 
 Eff Length:  449 - 464 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  ViruScan, AVTK, F-Prot, Sweep, IBMAV, PCScan, ChAV, 
                    NAV, NAVDX, VAlert, 
                    NShld, Sweep/N, NProt, AVTK/N, NAV/N, IBMAV/N, Innoc, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Tack, or 4-A, virus was received in May, 1992.  Its origin or 
       point of isolation is unknown.  Tack is a non-resident infector of 
       .COM programs, including COMMAND.COM. 
 
       When a program infected with the Tack virus is executed, the Tack 
       virus will infect one .COM program located in the current directory, 
       and display the following message: 
 
               "----------------- Hello, I am virus ! ------------" 
 
       Infected programs will have a file length increase of 449 to 464 
       bytes with the virus being located at the end of the file.  The 
       program's date and time in the DOS disk directory listing will be 
       updated to the current system date and time when infection occurred. 
       Besides the above text string, the following text strings can be 
       found within the viral code in Tack infected programs: 
 
               "????????COM" 
               "TACK" 
 
       Systems infected with the Tack virus may experience characters from 
       memory being displayed on the system monitor, and system hangs. 
 
       Known variant(s) of Tack are: 
       Tack-411: Received in August, 1993, Tack-411 is a 411 byte 
                 variant of the Tack virus described above.  This variant 
                 displays the following message each time an infected 
                 program is executed: 
                 "Infected file" 
                 It adds 411 to 426 bytes to the .COM programs it infects. 
                 In addition to the above message, this variant contains the 
                 following additional text strings within its viral code: 
                 "*.com" 
                 "????????COM7" 
                 Origin:  Unknown  August, 1993 
       Tack-477: Received in August, 1993, Tack-477 is a 477 byte 
                 variant of the Tack virus described above.  This variant 
                 displays the same message as the original virus, and adds 
                 477 to 492 bytes to the .COM programs it infected.  In 
                 addition to the above message, this variant contains the 
                 following additional text strings within its viral code: 
                 "*.com" 
                 "????????COM7" 
                 Origin:  Unknown  August, 1993

Show viruses from discovered during that infect .

Main Page