Australian 403 Virus

Virus Name: Australian 403 Aliases: 403, Zeroto-O V Status: Rare Discovery: February, 1991 Symptoms: .COM files become 403 bytes in length; TSR; file date/time changes; .COM files do not function properly Origin: Australia Eff Length: 403 Bytes Type Code: PRsCK - Parasitic Resident .COM Infector Detection Method: AVTK, F-Prot, ViruScan, Sweep, IBMAV, NAV, NAVDX, VAlert, PCScan, ChAV, NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N Removal Instructions: Delete infected files General Comments: The Australian 403 virus was submitted in February, 1991 by Colin Keeble of Australia. This virus is a memory resident infector of .COM files, including COMMAND.COM. The first time a program infected with the Australian 403 virus is executed, the virus will install itself memory resident as a low system memory TSR of 720 bytes. The virus will hook interrupt 21. Once the virus is memory resident, the virus will replace two .COM programs in the current directory with a copy of the virus each time any program is executed. The replaced programs will have a file length of 403 bytes, and their date and time in the disk directory will have been altered to the system date and time when infection occurred. Needless to say, the replaced programs will not execute properly since they now only contain the virus's code. This virus does not do anything besides replicate. Known variant(s) of Australian 403 are: Zeroto-0: Similar to Australian 403, this variant has 10 bytes which differ from the original virus. Functionally, its memory resident TSR is 736 bytes, hooking interrupt 21. Once Zeroto-0 is memory resident, it will infect one .COM program each time any program is executed. As with the original program, infected files will have been replaced with a 403 byte file with a date and time set to the system date and time when infection occurred.