Westwood Virus


 Virus Name:  Westwood 
 Aliases: 
 V Status:    Rare 
 Discovered:  August, 1990 
 Symptoms:    .COM & .EXE growth; TSR; system slowdown; black window; 
              file deletion on Friday the 13th 
 Origin:      Westwood, California, United States 
 Eff Length:  1,819 - 1,829 Bytes 
 Type Code:   PRsA - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, F-Prot, AVTK, Sweep, NAV, IBMAV, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  NAV, or delete infected files 
 
 General Comments: 
       The Westwood virus was isolated in August, 1990 in Westwood,
       California.  This virus is a variant of the Jerusalem virus,
       altered substantially enough that none of the anti-virals tested
       which could detect Jerusalem were able to identify it.  Like
       Jerusalem, it infects .COM, .EXE, and overlay files, but not
       COMMAND.COM.
 
       The first time a program infected with the Westwood virus is 
       executed, the virus will install itself memory resident as a low 
       system memory TSR of 1,808 bytes.  Interrupts 8 and 21 will be 
       hooked.  If the system date happens to be a Friday the 13th, 
       interrupt 22 will also be hooked. 
 
       After the virus is memory resident, any program which is executed 
       will become infected with the Westwood virus.  .COM files will 
       increase by 1,829 bytes with the virus's code located at the 
       beginning of the infected program.  .EXE files and overlay files 
       are infected with the virus's code added to the end of the 
       program.  .EXE files increase in length by between 1,819 and 1,829
       bytes.  Unlike most variants of the Jerusalem virus, Westwood does 
       not reinfect .EXE files. 
 
       Infected systems will experience a system slowdown occurring 
       after the virus has been memory resident for 30 minutes.  At this 
       time, the "black window" or "black box" common to the Jerusalem 
       virus will appear on the lower left hand side of the system 
       display.  Screen contents around the area of the "box" may be
       corrupted if screen writes happened to be occurring when the box 
       appeared. 
 
       On Friday the 13th, the Westwood virus will delete any programs 
       that are executed once the virus becomes memory resident. 
 
       See:   Jerusalem 
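
The growth figures above can be used for size-delta triage against a known-clean baseline. The following is an added example, not part of the original entry: it compares two file-size manifests and flags files whose growth fits the lengths given here. The manifest format, the sample file names and sizes, and the overlay extensions (.OVL, .OVR, checked against the .EXE range) are assumptions made for illustration.

```python
# Added example: size-delta triage using the growth figures in this entry.
COM_GROWTH = {1829}                   # .COM: fixed growth, code at the beginning
EXE_GROWTH = set(range(1819, 1830))   # .EXE: 1,819 to 1,829 bytes, code at the end
OVERLAY_EXTS = {"OVL", "OVR"}         # assumption: common overlay extensions

def parse_manifest(text):
    """Parse 'NAME.EXT SIZE' lines into {NAME.EXT: size}; sizes may contain commas."""
    sizes = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue                   # skip blank or malformed lines
        name, size = parts[0].upper(), parts[1].replace(",", "")
        if size.isdigit():
            sizes[name] = int(size)
    return sizes

def westwood_suspects(baseline, current):
    """Return sorted [(name, growth)] for files whose growth fits the entry."""
    hits = []
    for name, new_size in current.items():
        old_size = baseline.get(name)
        if old_size is None or name == "COMMAND.COM":
            continue  # no baseline, or the file the entry says is not infected
        ext = name.rpartition(".")[2]
        if ext == "COM":
            allowed = COM_GROWTH
        elif ext == "EXE" or ext in OVERLAY_EXTS:
            allowed = EXE_GROWTH
        else:
            continue
        growth = new_size - old_size
        if growth in allowed:
            hits.append((name, growth))
    return sorted(hits)

# Constructed sample manifests (names and sizes are made up for the example).
BASELINE = ("COMMAND.COM 47845\nFORMAT.COM 22923\nEDIT.EXE 61024\n"
            "GAME.OVL 30000\nCHKDSK.EXE 16200\n")
CURRENT = ("COMMAND.COM 49674\nFORMAT.COM 24752\nEDIT.EXE 62847\n"
           "GAME.OVL 31819\nCHKDSK.EXE 16200\n")

if __name__ == "__main__":
    found = westwood_suspects(parse_manifest(BASELINE), parse_manifest(CURRENT))
    for name, growth in found:
        print(f"{name}: +{growth} bytes")
```

A size match is only a triage hint; flagged files still need to be confirmed with one of the scanners listed under Detection Method.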
