YAM-3599 Virus

Virus Name: YAM-3599 Aliases: Penisize V Status: New Discovered: January, 1993 Symptoms: .COM file growth; decrease in total system & available free memory; graphic displayed; file date/time seconds = 02 Origin: Unknown Eff Length: 3,599 Bytes Type Code: PRhCK - Parasitic Resident .COM Infector Detection Method: ViruScan, F-Prot, Sweep, NAV, IBMAV, AVTK, NAVDX, VAlert, ChAV, PCScan, NShld, Sweep/N, NAV/N, AVTK/N, IBMAV/N, Innoc Removal Instructions: Delete infected files General Comments: The YAM-3599 or Penisize virus was submitted in January, 1993. Its origin or point of isolation is unknown. YAM-3599 is a memory resident infector of .COM programs, including COMMAND.COM. When the first YAM-3599 infected program is executed, the YAM-3599 virus will install itself memory resident at the top of system memory but below the 640K DOS boundary, hooking interrupts 09 and 21. Total system and available free memory, as indicated by the DOS CHKDSK program, will have decreased by 3,616 bytes. Interrupt 12's return will not have been moved. Once the YAM-3599 virus is memory resident, it will infect .COM programs, including COMMAND.COM, when they are executed. Infected programs will have a file length increase of 3,599 bytes, though the virus will hide the file length increase when it is memory resident. The YAM-3599 virus will be located at the end of infected files. The program's date and time in the DOS disk directory listing will appear to be unaltered, or may not be listed, the virus having set the seconds field in the file time to "02". The following text strings are encrypted within the viral code in YAM-3599 infected programs: "FUCK YOU ASSHOLE!" "YOUR HAS JUST BE PENISIZED COMPLEMENTS OF" "[ Y A M ] 9 2" The third text string actually has closed ascii heart characters (boot between the characters, instead of spaces. YAM-3599 will sometimes display an indiscriminate graphic on the system monitor.