Vindicator Virus

Virus Name: Vindicator Aliases: V Status: Rare Discovered: January, 1992 Isolated: Unknown Symptoms: .COM file growth; decrease in total system and available free memory; system hangs on 386 based systems Origin: Unknown Eff Length: 734 Bytes Type Code: PRhCK - Parasitic Resident .COM Infector Detection Method: F-Prot, Sweep, ViruScan, AVTK, IBMAV, NAV, NAVDX, VAlert, PCScan, ChAV, NShld, Sweep/N, LProt, Innoc, NProt, AVTK/N, IBMAV/N, NAV/N Removal Instructions: Delete infected files General Comments: The Vindicator virus was submitted in January, 1992. Its origin is unknown. Vindicator is a memory resident infector of .COM programs, including COMMAND.COM. The first time a program infected with the Vindicator virus is executed, Vindicator will install itself memory resident at the top of system memory but below the 640K DOS boundary. Total system and available free memory, as indicated by the DOS CHKDSK program, will have decreased by 1,536 bytes. Interrupts 1C and 21 will be hooked by Vindicator in memory. The virus will also infect COMMAND.COM at this time if it was not previously infected. Once the Vindicator virus is memory resident, it will infect .COM programs when they are opened or executed. Infected programs will have a file length increase of 734 bytes with the virus being located at the beginning of the program. The file's date and time in the DOS disk directory listing will not be altered. The following text string can be found within the viral code in all Vindicator infected programs: "VINDICATOR1" It is unknown what Vindicator does besides replicate.