Tobacco Virus

Virus Name: Tobacco Aliases: V Status: Rare Discovery: April, 1992 Symptoms: .COM & .EXE growth; TSR Origin: Unknown Eff Length: 2,900 - 2,914 Bytes Type Code: PRsAK - Parasitic Resident .COM & .EXE Infector Detection Method: AVTK, F-Prot, ViruScan, IBMAV, ChAV, NAV, Sweep, NAVDX, VAlert, PCScan, NShld, Sweep/N, LProt, Innoc, AVTK/N, IBMAV/N, NAV/N Removal Instructions: Delete infected files General Comments: The Tobacco virus was received in April, 1992. Its origin or point of isolation is unknown. Tobacco is a memory resident infector of .COM and .EXE programs, including COMMAND.COM. This virus is based on the Plastique virus. When the first Tobacco infected program is executed, the Tobacco virus will install itself memory resident as a low system memory TSR of 3,152 bytes. It will hook interrupt 21. Once the Tobacco virus is memory resident, it will infect .COM and .EXE programs, including COMMAND.COM, when they are executed or opened. With the exception of COMMAND.COM, infected .COM programs will have a file length increase of 2,900 bytes with the virus being located at the beginning of the infected file. .EXE programs infected by Tobacco will increase in size by 2,900 to 2,914 bytes with the virus being located at the end of the file. COMMAND.COM will not have any file length increase when it becomes infected by Tobacco. The following text strings can be found in all Tobacco infected programs: "Tobacco v2" "AntiDacha. 21193We don't want" "gypsies in our" "world. We don't" "want DACHAs." "1991 2nd Tabacalera gana siempre. Tobacco Ver. 2.0" It is unknown what Tobacco does besides replicate. Known variant(s) of Tobacco are: Tobacco-B: Similar to the original Tobacco virus, this variant does not infect COMMAND.COM. The text strings within the viral code have been changed to: "Tobacco v2" "We don't want" "gypsies in our" "world. DHC 1997" "ENIGMA MCMXCVIIII@TTF" "1991 2nd Tabacalera gana siempre. Tobacco Ver. 2.0" Origin: Unknown April, 1992. See: Plastique