Tamanna Virus

Virus Name: Tamanna Aliases: V Status: New Discovered: February, 1994. Symptoms: .COM & .EXE growth; Read Only Attribute set on files; decrease in total system & available free memory Origin: Unknown Eff Length: 1,857 - 1,872 Bytes Type Code: PRhAK - Parasitic Resident .COM & .EXE Infector Detection Method: F-Prot, AVTK, ViruScan, IBMAV, Sweep, NAVDX, NAV, VAlert, PCScan, NShld, AVTK/N, NProt, Sweep/N, IBMAV/N, NAV/N, LProt Removal Instructions: Delete infected files General Comments: The Tamanna virus was received in February, 1994. Its origin or point of isolation is unknown. Tamanna is a memory resident infector of .COM and .EXE programs, including COMMAND.COM. When the first Tamanna infected program is executed, the Tamanna virus will install itself memory resident at the top of system memory but below the 640K DOS boundary, hooking interrupts 1C and 21. Interrupt 12's return will not be moved. Total system and available free memory, as indicated by the DOS CHKDSK program, will have decreased by 1,888 bytes. Once the Tamanna virus is memory resident, it will infect .COM and .EXE programs when they are executed. Infected programs will have a file length increase of 1,857 to 1,872 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will not be altered, but the read only attribute will be set. The following text strings are encrypted within the Tamanna viral code in all infected programs: "Tamanna" "Wish.." "Facts need no recognition" "A silent friend" "DHAKA" "Press T to reconcile with my Wish" "OK carry on >>" "File has been modified" "Rebuilding..." "Standby while rebooting" It is unknown what Tamanna may do besides replicate.