BackTime Virus

Virus Name: BackTime Aliases: V Status: Rare Discovery: August, 1991 Symptoms: .COM file growth; decrease in system and available free memory; system clock runs backwards Origin: Unknown Eff Length: 528 Bytes Type Code: PRtCK - Parasitic Resident .COM Infector Detection Method: ViruScan, F-Prot, Sweep, AVTK, ChAV, NAV, IBMAV, NAVDX, VAlert, PCScan, NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N Removal Instructions: Delete infected files General Comments: The BackTime virus was received in August, 1991. BackTime is a memory resident infector of .COM files, including COMMAND.COM. Its origin or original isolation point is unknown. When the first BackTime infected program is executed, BackTime will install itself memory resident at the top of system memory but below the 640K DOS boundary. Total system and available free memory will decrease by 528 bytes, as measured by the DOS CHKDSK program. Interrupts 08 and 21 will be hooked by the virus. Once BackTime is memory resident, it will infect .COM programs when they are executed. If COMMAND.COM is executed, it will become infected. Infected .COM files will increase in size by 528 bytes. The BackTime virus will be located at the end of the infected file. The text string "BackTime" can be found in all infected files. The BackTime virus, when memory resident, will affect the operation of the system by running the system clock backwards. For example, files created after the virus became memory resident will have date time stamps in the disk directory from before the virus became resident. Rebooting the system will result in the system clock returning to the normal expected date and time. See: Blinker Shaker