Undershove Virus
Virus Name: Undershove
Aliases: 439, Undershove.439
V Status: New
Discovered: January, 1996
Symptoms: .COM file growth; "Invalid COMMAND.COM" message/error
Origin: Unknown
Eff Length: 439 Bytes
Type Code: PNCK - Parasitic Non-Resident .COM Infector
Detection Method: ChAV, F_Prot, AVTK, IBMAV, ViruScan, NAV, NAVDX,
Innoc, AVTK/N, IBMAV/N, NShld, NAV/N
Removal Instructions: Delete infected Files
General Comments:
The Undershove or Undershove.439 virus was received in January,
1996. Its origin or point of isolation is unknown. Undershove
is a non-resident direct action infector of .COM files, including
COMMAND.COM.

When a program infected with the Undershove virus is executed,
this virus will infect two .COM files located in the current
directory. Infected files will have a file length increase of
322 bytes with the virus being located at the beginning of the
file. The program's date and time in the DOS disk directory
listing will not be altered. The following text string is visible
within the viral code:
"*.C?M"

Once the boot or COMSPEC copy of COMMAND.COM becomes infected by
this virus, the following message may be displayed on the
system console:
"Invalid COMMAND.COM
Insert disk with command.com in drive
Press any key to continue . . ."
The drive indicated will be the boot drive for the system.
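
Because infected files grow while their date and time in the directory listing stay the same, a check that relies on timestamps will miss the change. The following is an added example, not part of the original entry: a Python baseline comparison that flags .COM files whose contents changed and reports the growth, whether the timestamp was preserved, and whether the "*.C?M" string is present. The function names and snapshot layout are assumptions made for illustration.

```python
import hashlib
import os

# Text string the entry reports as visible within the viral code.
MARKER = b"*.C?M"


def snapshot(directory):
    """Record size, mtime and SHA-256 for every .COM file in `directory`.

    Hypothetical helper: the dict layout is an assumption of this example.
    """
    snap = {}
    for entry in os.scandir(directory):
        if entry.is_file() and entry.name.upper().endswith(".COM"):
            with open(entry.path, "rb") as fh:
                data = fh.read()
            st = entry.stat()
            snap[entry.name] = {
                "size": st.st_size,
                "mtime": st.st_mtime_ns,
                "sha256": hashlib.sha256(data).hexdigest(),
                "marker": MARKER in data,
            }
    return snap


def suspicious_changes(before, after):
    """Compare two snapshots; report files whose content hash changed.

    A changed hash with `timestamp_preserved` set is the pattern the entry
    describes: the file grew but its directory date and time did not move.
    """
    findings = []
    for name, new in sorted(after.items()):
        old = before.get(name)
        if old is None or old["sha256"] == new["sha256"]:
            continue  # new file or unchanged content: nothing to compare
        findings.append({
            "file": name,
            "growth": new["size"] - old["size"],
            "timestamp_preserved": old["mtime"] == new["mtime"],
            "marker_present": new["marker"],
        })
    return findings
```

Take the first snapshot from known-clean media and store it off the machine being checked, then compare against a fresh snapshot of the same directory.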