Bizarre Virus

Virus Name: Bizarre Aliases: V Status: Rare Discovery: July, 1993 Symptoms: .COM file growth; file date/time changes; DOS CHKDSK file allocation errors; decrease in total system & available free memory Origin: Belgium Eff Length: 2,716 Bytes Type Code: PRhCK - Parasitic Resident .COM Infector Detection Method: AVTK, IBMAV, F-Prot, NAV, NAVDX, VAlert, ViruScan, PCScan, AVTK/N, Sweep/N, IBMAV/N, NAV/N, NShld Removal Instructions: Delete infected files General Comments: The Bizarre virus was received in July, 1993, and is originally from Belgium. Bizarre is a memory resident infector of .COM programs, including COMMAND.COM, as well as .SYS files. It is a polymorphic virus which is also a fast infector. When the first Bizarre infected program is executed, this virus will become memory resident, as well as infect the copy of COMMAND.COM pointed to by the COMSPEC environmental variable. The virus is resident at the top of system memory but below the 640K DOS boundary, not moving interrupt 12's return. Total system and available free memory, as indicated by the DOS CHKDSK program, will have decreased by 7,264 bytes. Interrupts 21 and 2F will be hooked by the virus. Once the Bizarre virus is memory resident, it will infect .COM and .SYS programs when they are executed or opened for any reason. Infected programs will have a file length increase of 2,716 bytes with the virus being located at the beginning of the file. The program's date and time in the DOS disk directory will have the year field changed to another value, usually sometime during the 50's. The following text strings are encrypted within the Bizarre viral code: "Bizarre by Dreamer" "Do You Believe?" The Bizarre virus interfers with the DOS CHKDSK program, which when executed may indicate fake file allocation errors on some files.