Warrior Virus


 Virus Name:  Warrior 
 Aliases:    
 V Status:    Rare 
 Discovered:  May, 1991 
 Symptoms:    .EXE growth; unexpected access to system hard disk 
 Origin:      Bulgaria 
 Eff Length:  1,024 Bytes 
 Type Code:   PRfE - Parasitic Resident .EXE Infector 
 Detection Method:  ViruScan, AVTK, F-Prot, PCScan, ChAV, 
                    NAV, Sweep, IBMAV, NAVDX, VAlert, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Warrior virus was submitted in May, 1991.  It is from Bulgaria. 
       Warrior is a memory resident infector of .EXE programs. 
 
       The first time a program infected with Warrior is executed, the 
       virus will install itself memory resident at the top of available 
       system memory, but below the 640K DOS boundary.  The virus hooks 
       interrupts 21 and 22.  At this time, the Warrior virus will access 
       the C: drive, infecting all .EXE programs located in the root 
       directory.  It will also infect one .EXE program in the current 
       drive and directory. 
 
       After Warrior is memory resident, it will infect .EXE programs 
       when they are opened or executed.  Infected programs will increase 
       in size by 1,024 bytes with the viral code being located at the 
       end of the infected file.  The program's date and time in the DOS 
       disk directory will not be altered. 
 
       Programs infected with Warrior will contain the following text 
       strings: 
 
               "... and justice for all!" 
               "Dream Over ...  And the alone warrior is warrior. 
                The powerfull WARRIOR!" 
               "????????EXE" 
 
       It is unknown if Warrior does anything besides replicate. 
 
       Known variant(s) of Warrior are: 
       Warrior 2: Received in November, 1993, Warrior 2 is a non- 
                  resident version of the Warrior virus described above. 
                  It infects four .EXE files located in the C: drive 
                  current directory, and one .EXE file located in the 
                  current drive current directory, each time an infected 
                  program is executed.  Like the original virus, it adds 
                  1,024 bytes to infected files, with the virus being 
                  located at the end of the program.  The file's date and 
                  time in the DOS disk directory listing will not be altered. 
                  The following text strings are visible within the viral 
                  code in all infected programs: 
                  "*.txt"            
                  "... and justice for all! (US constitution)" 
                  "Dream Over ..." 
                  "????????EXE" 
                  Origin:  Unknown  November, 1993. 
  
       See:   Brainy

Show viruses from discovered during that infect .

Main Page