Xak Virus
Virus Name: Xak
Aliases:
V Status: New
Discovery: July, 1994
Symptoms: .COM file growth;
decrease in total system & available free memory
Origin: Unknown
Eff Length: 3,132 Bytes
Type Code: PRhCK - Parasitic Resident .COM Infector
Detection Method: F-Prot, IBMAV, ViruScan, NAV, NAVDX, AVTK, ChAV,
NShld, IBMAV/N, NProt, NAV/N, AVTK/N, Innoc
Removal Instructions: Delete infected files
General Comments:
The Xak virus was received in July, 1994. Its origin or point of
isolation is unknown. Xak is a memory resident infector of .COM
files, including COMMAND.COM.
When the first Xak infected program is executed, this virus will
install itself memory resident at the top of system memory but below
the 640K DOS boundary, not moving interrupt 12's return. Total system
and available free memory, as indicated by the DOS CHKDSK program,
will have decreased by 6,496 bytes. Interrupts 1C and 21 will be
hooked by the virus in memory.
Once the Xak virus is memory resident, it will infect .COM programs
when they are executed. Infected programs will have a file length
increase of 3,132 bytes with the virus being located at the end of
the file. The program's date and time in the DOS disk directory
listing will not be altered. The following text strings are visible
within the viral code:
"This code, called Xak version 0012, is the #### generation from"
"the original code of the same version number and was created by a"
"predecessor code on the ## day of the month of ## of the year"
" #### at ## hours, ## minutes, and ## seconds."
"