Zelentsov Virus


 Virus Name:  Zelentsov 
 Aliases:     Zelentsov.379 
 V Status:    New 
 Discovered:  July, 1995 
 Symptoms:    .COM file growth; decrease in total available free memory; 
              file date/time changes 
 Origin:      Unknown 
 Eff Length:  379 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method: F-Prot, AVTK, VAlert, Sweep, IBMAV, NAV, NAVDX, 
                   ViruScan, ChAV, 
                   Sweep/N, IBMAV/N, NAV/N, NProt, NShld, AVTK/N, Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Zelentsov virus was received in July, 1995.  Its origin or 
       point of isolation is unknown.  Zelentsov is a memory resident 
       infector of .COM files, including COMMAND.COM. 
 
       When the first Zelentsov infected program is executed, this virus 
       will install itself memory resident at the top of system memory but 
       below the 640K DOS boundary, hooking interrupts 08 and 21.  Available 
       free memory, as indicated by the DOS CHKDSK program from DOS 5.0, 
       will have decreased by 400 bytes.  Interrupt 12's return will not 
       have been moved. 
 
       Once the Zelentsov virus is memory resident, it will infect .COM 
       programs, including COMMAND.COM, when they are executed.  Infected 
       .COM files will have a file length increase of 379 bytes with the 
       virus being located at the end of the file.  The file's date and 
       time in the DOS disk directory listing will have been updated to the 
       current system date and time when infection occurred.  The following 
       text string is visible within the viral code: 
 
           "Virus ZELENTSOV" 

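The two file indicators given above (379 bytes appended at the end of the .COM file, and the visible text string) can be turned into a simple triage check. This is an added example, not part of the original entry; it assumes the string is stored as plain ASCII exactly as quoted, and the function names and sample data are constructed for illustration.

```python
import sys
from pathlib import Path

MARKER = b"Virus ZELENTSOV"  # text string quoted in the entry (assumed plain ASCII)
VIRUS_LEN = 379              # effective length stated in the entry


def classify(data: bytes) -> str:
    """Classify one file image as 'suspect', 'marker-elsewhere' or 'clean'."""
    # An infected file is a host plus 379 appended bytes, so it must be longer.
    tail = data[-VIRUS_LEN:] if len(data) > VIRUS_LEN else b""
    if MARKER in tail:
        return "suspect"           # marker lies wholly inside the appended region
    if MARKER in data:
        return "marker-elsewhere"  # e.g. a scanner's signature file or a text document
    return "clean"


def scan_tree(root):
    """Return (path, verdict) for every non-clean .COM file under root."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.upper() == ".COM":
            verdict = classify(path.read_bytes())
            if verdict != "clean":
                hits.append((str(path), verdict))
    return hits


def constructed_samples():
    """Constructed byte strings for demonstration; none contains real viral code."""
    host = b"\x90" * 1000
    body = (b"\x00" * 100 + MARKER).ljust(VIRUS_LEN, b"\x00")
    return {
        "appended": host + body,    # marker within the last 379 bytes
        "embedded": MARKER + host,  # marker only at the start of the file
        "plain": host,              # no marker at all
        "short": MARKER,            # shorter than 379 bytes
    }


if __name__ == "__main__":
    for name, data in constructed_samples().items():
        print(f"{name:10s} {classify(data)}")
    for path, verdict in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict:18s} {path}")
```

A "suspect" result only means the quoted text sits in the last 379 bytes of a .COM file; confirm it with one of the scanners listed under Detection Method.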