Tornado Virus
Virus Name: Tornado
Aliases: Tornado.461
V Status: New
Discovery: January, 1996
Symptoms: .COM file growth
Origin: Unknown
Eff Length: 461 Bytes
Type Code: PNCK - Parasitic Non-Resident .COM Infector
Detection Method: F-Prot, AVTK, IBMAV, NAV, NAVDX, ViruScan, ChAV,
AVTK/N, IBMAV/N, NAV/N, NShld, Innoc
Removal Instructions: Delete infected files
General Comments:
The Tornado or Tornado.461 virus was received in January, 1996. Its
origin or point of isolation is unknown. Tornado is a non-resident,
direct action infector of .COM files, including COMMAND.COM.
When a program infected with the Tornado virus is executed, the
virus will infect one or two .COM files located in the current
directory, though it stops infecting files in that directory once
it encounters a very small .COM file.
Programs infected with the Tornado virus will have a file length
increase of 461 bytes with the virus being located at the end of the
file. The program's date and time in the DOS disk directory listing
will not be altered. The following text string is visible within
the viral code:
"[ Red-Zar / TorNado ]"
Additionally, the text string "RZ" can be found starting in the
fourth byte of all infected files. The text string "*.COM" is
stored encrypted within the viral code, so it is not visible in
infected files.
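
The indicators described above (the 461-byte growth, "RZ" starting in the fourth byte, and the visible text string at the end of the file) can be combined into a triage check for .COM files. This is an added example, not part of the original entry; the function names and the sample files are constructed for illustration, and the samples contain only marker bytes and padding.

```python
import os
import tempfile

VIRUS_LEN = 461                        # growth of an infected file, in bytes
MARKER, MARKER_OFFSET = b"RZ", 3       # "RZ" starts in the fourth byte (zero-based 3)
SIGNATURE = b"[ Red-Zar / TorNado ]"   # string visible in the viral code

def classify(data: bytes) -> str:
    """Return 'likely', 'possible' or 'clean' for the contents of one .COM file."""
    if len(data) < VIRUS_LEN:
        return "clean"                 # too short to hold the 461-byte body
    has_marker = data[MARKER_OFFSET:MARKER_OFFSET + len(MARKER)] == MARKER
    # The virus sits at the end of the file, so only the tail is searched.
    has_signature = SIGNATURE in data[-VIRUS_LEN:]
    if has_marker and has_signature:
        return "likely"
    # A single indicator can be coincidence: flag it for manual review.
    return "possible" if has_marker or has_signature else "clean"

def scan_directory(path: str) -> dict:
    """Classify every .COM file in one directory (not recursive)."""
    results = {}
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if name.upper().endswith(".COM") and os.path.isfile(full):
            with open(full, "rb") as fh:
                results[name] = classify(fh.read())
    return results

def demo() -> dict:
    """Scan constructed, inert sample files: marker bytes and padding only."""
    tail = SIGNATURE.ljust(VIRUS_LEN, b"\x00")
    samples = {
        "BOTH.COM": b"\x00\x00\x00RZ" + b"\x00" * 100 + tail,
        "MARKER.COM": b"\x00\x00\x00RZ" + b"\x00" * 600,
        "PLAIN.COM": b"\x00" * 700,
        "TINY.COM": b"\x00\x00\x00RZ",
        "NOTES.TXT": b"\x00\x00\x00RZ" + tail,   # not a .COM file, skipped
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return scan_directory(tmp)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12} {verdict}")
```

Because the file date and time are not altered, the directory listing gives no hint of infection; a content check like this one, or a comparison against known-good file lengths, is what shows the change.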