Voodoo Virus


 Virus Name:  Voodoo 
 Aliases: 
 V Status:    New 
 Discovered:  April, 1994 
 Symptoms:    .COM & .EXE growth; file date/time changes; 
              programs may not function properly 
 Origin:      Unknown 
 Eff Length:  4,745 Bytes 
 Type Code:   PNA - Parasitic Non-Resident .COM & .EXE Infector 
 Detection Method:  F-Prot, AVTK, IBMAV, NAV, Sweep, ViruScan, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    AVTK/N, NShld, NAV/N, Sweep/N, IBMAV/N, Innoc, LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Voodoo virus was received in April, 1994.  Its origin or point of 
       isolation is unknown.  Voodoo is a non-resident, direct action 
       infector of .COM and .EXE programs, but not COMMAND.COM. 
 
       When a Voodoo infected program is executed, this virus will infect 
       one .COM or .EXE program located in the current directory.  Infected 
       programs will have a file length increase of 4,745 bytes with the 
       virus being located at the beginning of the file.  The program's 
       date and time in the DOS disk directory listing will have been 
       updated to the current system date and time when infection occurred. 
       The following text strings are encrypted within the Voodoo viral 
       code: 
 
               "*.com" 
               "COMMAND.COM" 
               "*.exe" 
               "Do ya know it's Vesselin Bontchev's birthday 2day?" 
               "He studies how 2 kill virii like this 1." 
               "Yar probably happy that there r people like him.. so.." 
               "why not write him a birthday message.." 
               "the adress is :*BONTCHEV@BIHH.INFORMATIK.UNI-HAMBURG.DE..." 
               "Just remember 2 say we put ya up 2 it... :-)" 
               "Bontchev's Birthday (c) [VooDoo]" 
               "temp.com"

Show viruses from discovered during that infect .

Main Page