WSI Virus


 Virus Name:  WSI 
 Aliases:     WSI.853 
 V Status:    New 
 Discovered:  December, 1996 
 Symptoms:    .COM file growth; decrease in available free memory 
 Origin:      Unknown 
 Eff Length:  853 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method:  NAV, NAVDX, AVTK, 
                    NAV/N, AVTK/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The WSI or WSI.853 virus was received in December, 1996.  Its origin 
       or point of isolation is unknown.  WSI is a memory resident, fast 
       infector of .COM files, including COMMAND.COM. 
 
       When a program infected with the WSI virus is executed, this virus 
       will install itself memory resident at the top of system memory 
       but below the 640K DOS boundary, not moving interrupt 12's return. 
       Available free memory, as indicated by the DOS CHKDSK program from 
       DOS 5.0, will have decreased by 2,048 bytes.  Interrupts 09 and 21 
       will be hooked by the virus in memory. 
 
       Once the WSI virus is memory resident, it will infect .COM files 
       when they are executed or opened, but not when copied.  Infected 
       files will have a file length increase of 853 bytes with the virus 
       being located at the end of the file.  The following text strings 
       are visible within the viral code: 
 
           "Welcome to WSI Opole" 
           "stay cool it's only..." 
           "V I R U S !!!" 
 
       The file's date and time in the DOS disk directory listing will not 
       be altered.

Show viruses from discovered during that infect .

Main Page