Tu-482 Virus


 Virus Name:  Tu-482 
 Aliases:    
 V Status:    New 
 Discovered:  February, 1993 
 Symptoms:    .COM file growth; decrease in total system and available 
              memory 
 Origin:      USSR 
 Eff Length:  482 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method:  Sweep, AVTK, F-Prot, ViruScan, IBMAV, 
                    NAV, NAVDX, VAlert, ChAV, 
                    Sweep/N, NShld, NAV/N, AVTK/N, NProt, IBMAV/N, Innoc 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Tu-482 virus was submitted in February, 1993, and is originally 
       from the USSR.  Tu-482 is a memory resident infector of .COM 
       programs larger than approximately 8K, including COMMAND.COM. 
 
       When the first Tu-482 infected program is executed, the Tu-482 virus 
       will install itself memory resident at the top of system memory but 
       below the 640K DOS boundary, hooking interrupt 21.  Total system and 
       available free memory, as indicated by the DOS CHKDSK program, will 
       have decreased by 512 bytes.  The memory size returned by interrupt 12 
       will not have been changed. 
 
       Once the Tu-482 virus is memory resident, it will infect .COM 
       programs larger than approximately 8K in size when they are executed. 
       Infected programs will have a file length increase of 482 bytes with 
       the virus being located at the end of the file.  The program's date 
       and time in the DOS disk directory listing will not be altered.  No 
       text strings are visible within the viral code in Tu-482 infected 
       programs. 
 
       It is unknown if Tu-482 does anything besides replicate. 
