TenBytes Virus


 Virus Name:  TenBytes 
 Aliases:     1554, 9800:0000 Virus, V-Alert, 1559 
 V Status:    Rare 
 Discovery:   February, 1990 
 Symptoms:    .COM & .EXE growth, TSR, linkage corruption, system hang 
 Origin:      Unknown 
 Eff Length:  1,554 Bytes 
 Type Code:   PRfAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  AVTK, F-Prot, NAV, Sweep, PCScan, ChAV, 
                    ViruScan, IBMAV, NAVDX, VAlert, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  F-Prot, or delete infected files 
 
 General Comments: 
       The TenBytes, or 1554, virus was accidentally sent out over the 
       VALERT-L network on February 13, 1990 to approximately 600 
       subscribers.  When a program is executed that is infected with the 
       TenBytes virus, the virus installs itself memory resident.  It will 
       then proceed to infect .COM files over 1000 bytes in length and .EXE 
       files over 1024 bytes in length, including COMMAND.COM, increasing 
       their length after infection by 1,554 to 1,569 bytes. 
 
       The TenBytes virus activates in September, October, November, or 
       December of any year.  Upon activation, any files which are written 
       will be missing the first ten bytes.  At the end of these files, ten 
       bytes of miscellaneous characters will appear.  In effect, both 
       program and data files will be corrupted. 
 
       If the TenBytes virus is executed on a system with less than 640K of 
       system memory, the virus will hang the system. 
 
       Known variant(s) of TenBytes are: 
       1415: The 1415 virus is based on the TenBytes virus described 
             above.  It becomes memory resident in free low system memory, 
             hooking interrupts 21 and 49.  The 1415 virus infects .COM and 
             .EXE programs, including COMMAND.COM, when they are executed. 
             Infected programs increase in size by 1,415 to 1,462 bytes 
             with the virus being located at the end of the file.  There 
             will be no change in the file's date and time in the DOS disk 
             directory listing. 
             Origin:  Unknown  August, 1991. 
       TenBytes-1514: The TenBytes-1514 virus is based on the TenBytes 
             virus described above.  It installs itself memory resident 
             in available free memory.  Once resident, it will infect .COM 
             and .EXE programs, including COMMAND.COM, when they are 
             executed.  Infected programs increase in size by 1,518 to 
             1,569 bytes with the virus being located at the end of the 
             file.  Infected systems may notice that files written to 
             disk may be missing the first 10 characters which were in the 
             file, thus corrupting the file. 
             Origin:  Unknown  November, 1991. 
       TenBytes-1514B: Functionally equivalent to the TenBytes-1514, 
             virus, this variant differs in a few bytes. 
             Origin:  Unknown  November, 1991.

Show viruses from discovered during that infect .

Main Page