August 16th Virus


 Virus Name:  August 16th 
 Aliases:     Iron Maiden 
 V Status:    Rare 
 Discovery:   January, 1992 
 Symptoms:    .COM file growth; unexpected access to C: drive 
 Origin:      Poland 
 Eff Length:  636 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM  Infector 
 Detection Method:  AVTK, Sweep, ViruScan, F-Prot, ChAV, 
                    NAV, IBMAV, NAVDX, VAlert,  PCScan, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The August 16th, or Iron Maiden, virus was submitted in January, 
       1992.  August 16th is a non-resident, direct action infector of 
       .COM files, including COMMAND.COM.  It is originally from Poland. 
 
       When a program infected with August 16th is executed, the August 
       16th virus will check to see if the first two .COM files in the 
       current directory have been infected.  If they haven't been 
       previously infected, the virus will proceed to infect them.  Next, 
       the August 16th virus will check the C: drive current directory 
       to see if it contains two .COM files which haven't been previously 
       infected, and will infect those if found.  The program the user 
       was attempting to execute will then proceed to execute. 
 
       Programs infected with the August 16th virus will have a file 
       length increase of 636 bytes with the virus being located at the 
       end of the infected file.  There will be no visible change to the 
       file's date and time in the DOS disk directory listing. 
 
       Two text strings can be found within the August 16th viral code in 
       infected programs: 
 
               "*.com AA" 
               "=!= IRON MAIDEN" 
 
       It is unknown what August 16th does when it activates on August 
       16th, though it does contain destructive code.

Show viruses from discovered during that infect .

Main Page