VirDem-792 Virus
Virus Name: VirDem-792
Aliases:
V Status: Rare
Discovered: January, 1992
Symptoms: .COM file growth
Origin: Unknown
Eff Length: 792 - 1,526 Bytes
Type Code: PNCK - Parasitic Non-Resident .COM Infector
Detection Method: ViruScan, AVTK, Sweep, IBMAV, NAV, ChAV,
F-Prot, NAVDX, VAlert, PCScan,
NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N,
NAV/N, IBMAV/N
Removal Instructions: Delete infected files
General Comments:
The VirDem-792 virus was received in January, 1992. Its origin and
point of original isolation are unknown. VirDem-792 is a
non-resident, direct action infector of .COM files, including
COMMAND.COM. It is based on the VirDem and Burger viruses.
When a program infected with VirDem-792 is executed, the VirDem-792
virus will search the current drive and directory to locate the
first uninfected .COM file. If COMMAND.COM is located in this
directory, it may become infected. If an uninfected .COM file is
found, the VirDem-792 virus will infect it, and then the program
the user was attempting to execute will run.
VirDem-792 infected files will have a file length increase of 792
bytes if the file's pre-infection file length was at least 736
bytes. Files whose pre-infection file length was less than 736
bytes will be 1,528 bytes long after infection. The virus is
located at the beginning of the infected file, and the file's date
and time in the DOS disk directory listing are not altered.
The following text strings can be found within the viral code in
VirDem-792 infected files:
"*.com *"
"? ????????exe"
"????????com"
"Generation"
Following the word "Generation", a number can be seen. This number
is the generation number of the virus within this file. It is
incremented by one and stored in the newly infected files. The
Generation number doesn't appear to ever be reset, so it should be
possible to trace to some extent the order of infection of files.
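
The size rule and the Generation counter described above can be turned into a small triage check. This is an added example, not part of the original entry or of any scanner it lists. It assumes the generation number is stored as ASCII decimal digits within a few bytes after the word "Generation" (the entry does not give the encoding), and the sample inputs are constructed stand-ins, not viral code.

```python
import re

# Strings the entry lists as present in infected files.
MARKERS = (b"*.com *", b"? ????????exe", b"????????com", b"Generation")
GROWTH = 792          # length increase for hosts of at least 736 bytes
SMALL_HOST = 736      # hosts shorter than this end up at MIN_INFECTED bytes
MIN_INFECTED = 1528   # 736 + 792: no infected file is shorter than this

# Assumption: the generation number is ASCII decimal digits within a few
# bytes of the word "Generation"; the entry does not state its encoding.
GEN_RE = re.compile(rb"Generation[^0-9]{0,4}([0-9]+)")

def host_length_bounds(infected_len):
    """Return (min, max) pre-infection length, or None if too short to match."""
    if infected_len < MIN_INFECTED:
        return None
    if infected_len == MIN_INFECTED:
        return (0, SMALL_HOST)   # any short host, or one of exactly 736 bytes
    return (infected_len - GROWTH, infected_len - GROWTH)

def triage(name, data):
    """Return a finding dict for one .COM image, or None if it does not match."""
    bounds = host_length_bounds(len(data))
    if bounds is None or not all(m in data for m in MARKERS):
        return None
    m = GEN_RE.search(data)
    return {"name": name, "host_len": bounds,
            "generation": int(m.group(1)) if m else None}

def infection_order(files):
    """Sort matching files by generation number, lowest (earliest) first."""
    hits = [f for f in (triage(n, d) for n, d in files.items()) if f]
    return sorted(hits, key=lambda f: (f["generation"] is None, f["generation"] or 0))

def make_sample(generation, host_len):
    # Constructed stand-in: the four strings, padded to the size the entry predicts.
    body = b"\x00".join(MARKERS) + b" " + str(generation).encode()
    return body.ljust(max(host_len + GROWTH, MIN_INFECTED), b"\x00")

if __name__ == "__main__":
    files = {"B.COM": make_sample(7, 2000), "A.COM": make_sample(3, 100),
             "CLEAN.COM": b"\x00" * 4000}
    for hit in infection_order(files):
        print(hit)
```

A file of exactly 1,528 bytes only bounds the original length at 736 bytes or less, so the original size cannot be recovered from the length alone in that case.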
See: Burger VirDem VirDem-1542 Wonderful