Twin Peaks Virus
Virus Name: Twin Peaks
Aliases:
V Status: Viron
Discovered: September, 1992
Symptoms: .COM programs overwritten; boot failures; program corruption;
message
Origin: Australia
Eff Length: 1,310 Bytes
Type Code: ONCK - Overwriting Non-Resident .COM Infector
Detection Method: F-Prot, Sweep, IBMAV, NAVDX, PCScan,
ViruScan, NAV, VAlert, ChAV, AVTK 7.68+,
NShld, Sweep/N, IBMAV/N, Innoc, NAV/N, LProt,
AVTK/N 7.68+
Removal Instructions: Delete hidden infected files
General Comments:
The Twin Peaks virus was received from Australia in September, 1992.
Twin Peaks is a non-resident, direct action overwriting virus which
infects .COM programs, including COMMAND.COM
When a program infected with the Twin Peaks virus is executed, this
virus will infect one .COM program located on the C: drive. The
virus will then display the following text message, and return the
user to the DOS prompt:
"Welcome to Twin Peaks..
Your PC now has the Twin Peaks virus"
Programs infected with the Twin Peaks virus will have the first
1,310 bytes overwritten. There will be no change to the file's
date and time in the DOS disk directory listing. The above
message text strings are visible within infected files, as are
the following additional text strings:
"*.com*"
"??????????? ????????com\"
"????????exe ????????com"
See: VirDem