Wrzod Virus


 Virus Name:  Wrzod 
 Aliases: 
 V Status:    New 
 Discovered:  January, 1995 
 Symptoms:    .COM file growth; file date/time seconds = "22"; 
              message displayed with beeping 
 Origin:      Unknown 
 Eff Length:  1,043 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  F-Prot, AVTK, ViruScan, Sweep, NAVDX, VAlert, NAV, 
                    IBMAV, ChAV, 
                    AVTK/N, Sweep/N, NProt, NShld, NAV/N, IBMAV/N, Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Wrzod virus was received in January, 1995.  Its origin or point 
       of isolation is unknown.  Wrzod is a non-resident, direct action 
       infector of .COM files, including COMMAND.COM.  It can also display 
       a message when infected programs are executed. 
 
       When a program infected witht he Wrzod virus is executed, this 
       virus will infect one .COM file located in the current directory. 
       The virus may also at this time display the following message, 
       accompanied by beeping for about 15 seconds: 
 
               "Hello !!! My name is Wrzod, I'm fucking your PC now !!!" 
 
       Programs infected with the Wrzod virus will have a file length 
       increase of 1,043 bytes with the virus being located at the end 
       of the file.  The program's date and time in the DOS disk directory 
       listing will not appear to be altered, though the file date and 
       time's seconds field will have been set to "22".  The following 
       text strings are encrypted within the viral code: 
 
               "\ .. * *.com" 
               "????????COM" 
               "COMMAND.COM" 
               "Hello !!! My name is Wrzod, I'm fucking your PC now !!!" 
               "By Shadow Man ..." 
 
       These text strings are not visible within infected programs.

Show viruses from discovered during that infect .

Main Page