Blinky Virus


 Virus Name:  Blinky 
 Aliases:     Blinky Ghost 
 V Status:    Rare 
 Discovery:   September, 1993 
 Symptoms:    .COM file growth; 
              interrupts 01 and 03 hooked in available free memory; 
              boot sector infection of  Inky  virus; boot failure 
 Origin:      Unknown 
 Eff Length:  1,302 Bytes 
 Type Code:   PRaCK - Parasitic Resident .COM Infector 
 Detection Method:  F-Prot, NAV, ViruScan, IBMAV, AVTK, Sweep, 
                    NAVDX, VAlert, PCScan, ChAV, 
                    NShld, NProt, Sweep/N, NAV/N, AVTK/N, IBMAV/N, LProt, 
                    Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Blinky, or Blinky Ghost, virus was submitted in September, 1993, 
       and is one of three related viruses which all have names of 
       characters from the popular Pac-Man video game.  Blinky is a memory 
       resident, direct action infector of .COM programs.  It "drops" or 
       is the carrier of a boot sector virus, the  Inky  virus. 
 
       When the first Blinky infected program is executed, the virus will 
       install a portion of itself memory resident in available free memory, 
       hooking interrupts 01 and 03.  This is an attempt by the virus to 
       avoid having debugger programs used against it.  The virus then goes 
       on to infect programs as indicated below. 
      
       When a program infected with the Blinky virus is executed, this 
       virus will infect three .COM programs located in the current 
       directory.  If COMMAND.COM is in this directory, it may become 
       infected.  Programs infected with the Blinky virus will have a file 
       length increase of 1,302 bytes with the virus being located at the 
       beginning of the file.  The program's date and time in the DOS disk 
       directory listing will not be altered.  The following text strings 
       are visible within the viral code in all Blinky infected programs: 
 
               "[Blinky Ghost]" 
               "*.COM" 
               "????????COM" 
               "The Pac-Man BLINKY Ghost is watching." 
               "[-Inky!-]" 
               "[INKY Ghost] by PacMan and Associates Inc." 
               "Non-System disk or disk error." 
               "Replace and press any key when ready..." 
 
       The Blinky virus "drops", or is a carrier for the Inky boot sector 
       virus.  The last four text messages above are from Inky.  As the 
       Inky virus is actually a separate distinct virus, it will be 
       described in its own entry. 
 
       See:   Inky   Pinky

Show viruses from discovered during that infect .

Main Page