Yukon Overwriting Virus


 Virus Name:  Yukon Overwriting 
 Aliases: 
 V Status:    Viron 
 Discovered:  January, 1991 
 Symptoms:    Divide Overflow errors; beginning of programs overwritten 
 Origin:      Canada 
 Eff Length:  151 Bytes 
 Type Code:   ONCK - Overwriting Non-Resident .COM Infector 
 Detection Method:  F-Prot, Sweep, AVTK, ViruScan, ChAV, 
                    NAV, IBMAV, NAVDX, VAlert, PCScan, 
                    NShld, Sweep/N, LProt, Innoc, NProt, AVTK/N, IBMAV/N, 
                    NAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Yukon Overwriting virus was isolated in January, 1991 in 
       Canada. This virus is a non-resident overwriting virus that 
       infects .COM files, including COMMAND.COM. 
 
       When a program infected with the Yukon Overwriting virus is 
       executed, the virus will infect all .COM programs in the current 
       directory. Infected programs will have the first 151 bytes of the 
       program overwritten with the virus.  Their date and time in the 
       disk directory will not be altered in the process of infection. 
 
       After infecting all of the .COM files in the current directory, the 
       program the user was attempting to execute will fail with a Divide 
       Overflow error. 
 
       Infected programs can be easily identified because the text string 
       Divide Overflow$ will be located beginning at offset 87h within the 
       infected program. 
 
       Programs infected with the Yukon Overwriting virus cannot be 
       disinfected as the portion overwritten by the virus is not stored. 
       Infected programs must be deleted and replaced with uninfected 
       copies.

Show viruses from discovered during that infect .

Main Page