X77 Virus


 Virus Name:  X77 
 Aliases:    
 V Status:    New 
 Discovery:   April, 1993 
 Symptoms:    .COM & .EXE growth; 
              decrease in total system & available free memory 
 Origin:      Unknown 
 Eff Length:  574 Bytes 
 Type Code:   PRtAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  AVTK, F-Prot, ViruScan, Sweep, NAV, IBMAV, PCScan, 
                    NAVDX, VAlert, ChAV, 
                    NShld, NProt, AVTK/N, Sweep/N, NAV/N, IBMAV/N, LProt, 
                    Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The X77 virus was submitted in April, 1993.  Its origin or point 
       of isolation is unknown.  X77 is a memory resident infector of .COM 
       and .EXE programs, including COMMAND.COM.  It is one of the viruses 
       generated with Phalcon/Skism's Gư virus generator. 
 
       When the first X77 infected program is executed, the X77 virus will 
       install itself memory resident at the top of system memory but below 
       the 640K DOS boundary, moving interrupt 12's return.  Total system 
       and available free memory, as indicated by the DOS CHKDSK program, 
       will have decreased by 16,384 bytes.  Interrupt 21 will be hooked by 
       X77 in memory. 
 
       Once the X77 virus is memory resident, it will infect .COM and .EXE 
       programs, including COMMAND.COM, when they are executed.  Infected 
       programs will have a file length increase of 574 bytes with the virus 
       being located at the end of the file.  The program's date and time in 
       the DOS disk directory listing will not be altered.  The following 
       text strings are encrypted within the X77 viral code, and thus aren't 
       visible within infected files: 
 
               "[PS/Gư]" 
               "[x77]" 
 
       It is unknown what X77 does besides replicate.

Show viruses from discovered during that infect .

Main Page