Uta Virus


 Virus Name:  Uta 
 Aliases:     Uta.670 
 V Status:    New 
 Discovered:  July, 1995 
 Symptoms:    .COM file growth; 
              decrease in total system & available free memory 
 Origin:      Unknown 
 Eff Length:  670 Bytes 
 Type Code:   PRtCK - Parasitic Resident .COM Infector 
 Detection Method: VAlert, AVTK, NAV, NAVDX, IBMAV, ViruScan, F-Prot, 
                   ChAV, 
                   NAV/N, IBMAV/N, NShld, AVTK/N, LProt, Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Uta or Uta.670 virus was received in July, 1995.  Its origin or 
       point of isolation is unknown.  Uta is a memory resident infector 
       of .COM files, including COMMAND.COM. 
 
       When the first Uta infected program is executed, this virus will 
       install itself memory resident at the top of system memory but 
       below the 640K DOS boundary, moving interrupt 12's return.  Total 
       system and available free memory, as indicated by the DOS CHKDSK 
       program from DOS 5.0, will have decreased by 2,048 bytes.  Interrupts 
       21, 22, and 24 will be hooked by the virus in memory. 
 
       Once the Uta virus is memory resident, it will infect .COM programs 
       when they are executed or opened, but not on copy.  Infected .COM 
       files will have a file length increase of 670 bytes with the virus 
       being located at the end of the file.  The program's date and time 
       in the DOS disk directory listing will not be altered.  The 
       following text strings are visible within the viral code: 
 
           "UŠta" 
           "COum"

Show viruses from discovered during that infect .

Main Page