Telecom Virus


 Virus Name:  Telecom 
 Aliases:     Telefonica, Telecom File, Spanish Telecom-2 
 V Status:    Common 
 Discovered:  June, 1991 
 Symptoms:    .COM file growth; decrease in total system and available 
              memory; hard disk formatted 
 Origin:      Spain 
 Eff Length:  3,700 Bytes 
 Type Code:   PRhC - Parasitic Resident .COM Infector 
 Detection Method:  ViruScan, F-Prot, Sweep, AVTK, NAV, IBMAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Telecom, Telefonica, or Telecom File virus was first reported 
       in December, 1990, in Spain.  Though several samples of Telecom 
       were received in early 1991, the first replicable sample arrived 
       in June, 1991.  This sample is also from Spain.  Telecom is a 
       memory resident infector of .COM programs.  It also carries a 
       variant of the Anti-Tel virus which it will install on the hard 
       disk master boot sector (partition table).  Telecom was written by 
       the same individual as the Anti-Tel and Holocaust viruses.  All of 
       these viruses are encrypted viruses. 
 
       When a program infected with Telecom is executed, Telecom will 
       install itself memory resident at the top of system memory but 
       below the 640K DOS boundary, interrupt 12's return will not be 
       moved.  Total system and available free memory, as measured by 
       the DOS CHKDSK program, will have decreased by 3,984 bytes. 
       Interrupt 21 will be hooked by the Telecom virus in memory. 
 
       Once Telecom is memory resident, it will infect .COM programs 
       larger than approximately 1K in size when they are executed. 
       Infected .COM programs increase in size by 3,700 bytes, though 
       the file length increase cannot be seen in the disk directory 
       listing as the virus hides it.  The virus alters the file's date 
       in the directory by adding 100 to the year, this is also not 
       readily apparent.  The date alteration is how Telecom determines 
       if the file is already infected. 
 
       With Telecom memory resident, it will infect the hard disk master 
       boot sector with a variant of the Anti-Tel virus when the user 
       accesses a file or program on the hard disk.  See the description 
       for Anti-Tel for information on the master boot sector infection. 
       The master boot sector infection does not contain a complete copy 
       of the Telecom virus, so it by itself cannot infect files. 
 
       The file infector portion of Telecom does not contain an activation 
       mechanism per say, the activation mechanism is in the master boot 
       sector infection.  After 400 system boots from an infected disk, the 
       virus will overwrite the system hard drives. 
 
       See:   Anti-Tel   Holocaust

Show viruses from discovered during that infect .

Main Page