Warsaw-850 Virus


 Virus Name:  Warsaw-850 
 Aliases:     Warsaw 
 V Status:    New 
 Discovered:  August, 1993 
 Symptoms:    .COM file growth; .COM file corruption; 
              unexpected system reboots 
 Origin:      Poland 
 Eff Length:  850 Bytes 
 Type Code:   PONCK - Parasitic & Overwriting Non-Resident .COM Infector 
 Detection Method:  ViruScan, F-Prot, AVTK, Sweep, IBMAV, NAV, 
                    NAVDX, VAlert, 
                    NShld, AVTK/N, NProt, Sweep/N, IBMAV/N, NAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Warsaw-850 virus was received in August, 1993.  It is originally 
       from Poland.  Warsaw-850 is a non-resident, direct action infector 
       of .COM programs, including COMMAND.COM.  It infects files in both 
       a parasitic and overwriting manner. 
 
       When a program infected with the Warsaw-850 virus is executed, this 
       virus will infect one .COM file located in the current directory. 
       If the resulting infection is parasitic, the newly infected file 
       will have a file length increase of 850 bytes with the virus being 
       located at the end of the file.  If the resulting infection is 
       overwriting, the first 850 bytes of the host program will have been 
       overwritten by the virus, and no file length increase will have 
       occurred.  In both cases, the program's date and time in the DOS 
       disk directory listing will not have been altered.  The following 
       text strings can be found within the viral code in all Warsaw-850 
       infected programs: 
 
               "*.COM" 
               "Warsaw - virus 1990" 
               "????????COM" 
               "\QBASIC S\GAMES\STELLAR7" 
 
       Programs which have been infected in an overwriting manner will not 
       function properly, and execution of these files will frequently 
       result in the system being rebooted.

Show viruses from discovered during that infect .

Main Page