Traceback 3029 Virus


 Virus Name:  Traceback 3029 
 Aliases:     Traceback-4 
 V Status:    Rare 
 Discovered:  December, 1991 
 Symptoms:    .COM & .EXE growth; TSR; graphic display 1 hour after boot 
 Origin:      Unknown 
 Eff Length:  3,029 bytes 
 Type Code:   PRsAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  NAV, ViruScan, Sweep, F-Prot, AVTK, NAVDX, 
                    IBMAV, VAlert, PCScan, ChAV, 
                    NShld, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Traceback 3029, or Traceback-4, virus was submitted in 
       December, 1991.  Its origin or point of original isolation is 
       unknown.  Traceback 3029 is a memory resident infector of .COM 
       and .EXE programs, including COMMAND.COM.  It activates one 
       hour after becoming memory resident. 
 
       When the first Traceback 3029 infected program is executed, the 
       Traceback 3029 virus will infect one .COM program in the current 
       directory.  If the first infected program executed happens to 
       be a .COM program, the virus will also become memory resident as 
       a low system memory TSR of 7,696 bytes.  It will have hooked 
       interrupts 1C, 20, 21, and 27.  If the first program executed was 
       not a .COM program, the virus will not become memory resident 
       until the user executes an infected .COM file. 
 
       Once Traceback 3029 becomes memory resident, it will infect .COM 
       and .EXE programs as they are executed.  In addition to infecting 
       the current program, the virus will also infect one additional 
       .COM or .EXE program.  Traceback 3029 infected files will have a 
       file length increase of 3,029 bytes.  The virus will be located 
       at the end of the infected file.  The file's date and time in a 
       DOS disk directory listing will not have been altered.  The 
       following text strings can be found within the viral code in 
       infected files: 
 
               "BASE" 
               "*.COM" 
               "????????COM" 
               "???????????" 
               "SPC FIL" 
 
       Traceback 3029 activates after it has been memory resident for one 
       hour.  At that time, all the characters on the system display will 
       "cascade" into a pile at the bottom of the screen.  After one 
       minute has elasped, the system displayed will be restored to its 
       "pre-cascade" display. 
 
       See:   Spanish   Traceback   Traceback II

Show viruses from discovered during that infect .

Main Page