Beetle Virus


 Virus Name:  Beetle 
 Aliases:     Beetle.1441 
 V Status:    New 
 Discovery:   July, 1995 
 Symptoms:    .COM file growth; decrease in available free memory 
 Origin:      Unknown 
 Eff Length:  1,441 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method: F-Prot, AVTK, Sweep, NAV, NAVDX, IBMAV, ViruScan, 
                   PCScan, ChAV, 
                   Sweep/N, AVTK/N, NAV/N, NShld, IBMAV/N, Innoc 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Beetle virus was received in July, 1995.  Its origin or point 
       of isolation is unknown.  Beetle is a memory resident infector of 
       .COM files, including COMMAND.COM. 
 
       When the first Beetle infected program is executed, this virus 
       will install itself memory resident at the top of system memory 
       but below the 640K DOS boundary, not moving interrupt 12's 
       return.  Available free memory, as indicated by the DOS CHKDSK 
       program from DOS 5.0, will have decreased by 1,488 bytes. 
       Interrupts 08, 10, 16, and 21 will be hooked by the virus in 
       memory. 
 
       Once the Beetle virus is memory resident, it will infect .COM 
       programs when they are executed.  Infected .COM files will have a 
       file length increase of 1,441 bytes with the virus being located at 
       the end of the file.  The program's date and time in the DOS disk 
       directory listing will not be altered.  The following text string 
       is encrypted within the viral code: 
 
           "Beetlejuice Terversion 2.0 by 'BIG V' , Magdeberg (D) Nov'92" 
 
       It is unknown if Beetle does anything besides replicate.

Show viruses from discovered during that infect .

Main Page