VLamix Virus


 Virus Name:  VLamix 
 Aliases:     VLamix-1 
 V Status:    New 
 Discovered:  September, 1994 
 Symptoms:    .EXE file growth; B: drive may be overwritten; 
              decrease in total system & available free memory; 
              interfers with functionality of CPAV and MSAV 
 Origin:      Belgium 
 Eff Length:  1,091 - 1,106 Bytes 
 Type Code:   PRhE - Parasitic Resident .EXE Infector 
 Detection Method:  AVTK, IBMAV, ViruScan, Sweep, F-Prot, NAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    Sweep/N, IBMAV/N, AVTK/N, NShld, NProt, NAV/N, LProt, 
                    Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The VLamix virus was isolated in Belgium in September, 1994, where 
       it is reported to be "in the wild".  It is a memory resident fast 
       infector of .EXE programs. 
 
       When the first VLamix infected program is executed, this virus will 
       install itself memory resident at the top of system memory but below 
       the 640K DOS boundary, not moving interrupt 12's return.  Total 
       system and available free memory, as indicated by the DOS CHKDSK 
       program, will have decreased by 1,136 bytes.  Interrupts 10 and 21 
       will be hooked by the virus in memory. 
 
       Once memory resident, this virus will infect .EXE programs when they 
       are executed, opened, or copied.  Infected programs will have a file 
       length increase of 1,091 to 1,106 bytes with the virus being located 
       at the end of the file.  The program's date and time in the DOS disk 
       directory listing will not be altered.  The following text strings 
       are encrypted within the viral code: 
 
               "smartc*.cps chklist.*" 
               "-=* DIE_LAMER *=-" 
               "CHKLIST ???" 
               "CHKLIST.CPS" 
               "VLamiX-1" 
 
       This virus is unable to determine when it has previously infected a 
       file, so it will reinfect .EXE programs.  Each reinfection of an 
       .EXE file will add an additional 1,104 bytes to the file's length. 
 
       The VLamix virus contains code to overwrite the diskette in the B: 
       diskette drive when the second text string above is displayed on 
       the system monitor.  It also interfers with the functionality of 
       Central Point Anti-Virus and Microsoft Anti-Virus by deleting the 
       program's data files which have a base file name of SMARTC* and 
       CHKLIST.

Show viruses from discovered during that infect .

Main Page