Varicell Virus


 Virus Name:  Varicell 
 Aliases:     Varisela 
 V Status:    New 
 Discovered:  September, 1993 
 Symptoms:    .COM & .EXE file growth; 
              decrease in total system & available free memory 
 Origin:      Unknown 
 Eff Length:  1,482 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  F-Prot, AVTK, ViruScan, Sweep, IBMAV, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    NProt, Sweep/N, NShld, AVTK/N, IBMAV/N, Innoc, NAV/N, 
                    LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Varicell, or Varisela, virus was submitted in September, 1993. 
       Its origin or point of isolation is unknown.  Varicell is a memory 
       resident infector of .COM and .EXE programs, including COMMAND.COM. 
       It is a fast infector, and also a stealth virus. 
 
       When the first Varicell infected program is executed, the Varicell 
       virus will install itself memory resident at the top of system 
       memory but below the 640K DOS boundary, not moving interrupt 12's 
       return.  Total system and available free memory, as indicated by the 
       DOS CHKDSK program, will have decreased by 1,536 bytes.  Interrupts 
       13, 1C, 21, and 22 are hooked by Varicell in memory. 
 
       Once the Varicell virus is memory resident, it will infect .COM and 
       .EXE programs when they are executed, opened, or copied.  Infected 
       programs will have a file length increase of 1,482 bytes, though the 
       file length increase will be hidden by the virus when it is memory 
       resident.  The program's date and time in the DOS disk directory 
       listing will not be altered.  No text strings are visible within the 
       Varicell viral code in infected programs. 
 
       It is unknown what Varicell does besides replicate.

Show viruses from discovered during that infect .

Main Page