Cancerbero Virus
Virus Name: Cancerbero
Aliases: Cancerbero.1000.A
V Status: New
Discovery: January, 1996
Symptoms: .COM file growth
Origin: Unknown
Eff Length: 1,000 Bytes
Type Code: PNCK - Parasitic Non-Resident .COM Infector
Detection Method: F-Prot, AVTK, IBMAV, ViruScan, PCScan, ChAV, NAV, NAVDX,
Innoc, AVTK/N, IBMAV/N, NShld, NAV/N
Removal Instructions: Delete infected files
General Comments:
The Cancerbero virus was received in January, 1996. Its origin or
point of isolation is unknown. Cancerbero is a non-resident,
direct action infector of .COM files, including COMMAND.COM.
When a program infected with the Cancerbero virus is executed,
this virus will infect one .COM file located in the current
directory. Infected files will have a file length increase of
1,000 bytes with the virus being located at the end of the file.
The program's date and time in the DOS disk directory listing
will not be altered. The following text strings are visible within
the viral code:
"hEYZh"
"CANCERBERO"
"*.C?M"
This virus does not infect past the first five .COM files in any
directory.
Known variant(s) of Cancerbero are:
Cancerbero.677: Also received in January, 1996, this is a
memory resident, 677 byte variant of the Cancerbero virus
described above. It becomes memory resident at the top of
system memory but below the 640K DOS boundary, without moving
interrupt 12's return. Available free memory, as indicated
by the DOS CHKDSK program from DOS 5.0, will have decreased
by 736 bytes. Interrupt 21 will be hooked by the virus
in memory. Once resident, it infects .COM files when they
are executed, adding 677 bytes to the file's length. The
program's date and time in the DOS disk directory listing
will not be altered. The virus will be located at the end
of the file. The following text string is visible within
the viral code:
"Killer by Cancerbero"
Origin: Unknown January, 1996.
Cancerbero.1000.B: Also received in January, 1996, this is a
minor variant of the Cancerbero virus described above. It also
adds 1,000 bytes to the .COM files it infects, and does not
infect past the fifth .COM file in any directory. The following
text strings are visible within the viral code:
"CANCERBERO"
"*.C?M"
Origin: Unknown January, 1996.
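
The appended lengths and visible text strings given in this entry are enough for a simple tail check on .COM files. The Python below is an added example, not part of the original entry or of any scanner listed above; the function names and sample bytes are constructed for illustration, and a match is a heuristic indicator only.

```python
from pathlib import Path

# Appended length and marker strings, taken from the entry above.
TAIL_1000 = 1000
TAIL_677 = 677
MARKERS_1000 = (b"CANCERBERO", b"*.C?M")   # listed for 1000.A and 1000.B
MARKER_1000A = b"hEYZh"                    # listed for 1000.A only
MARKER_677 = b"Killer by Cancerbero"       # listed for Cancerbero.677


def classify_tail(data: bytes):
    """Return a variant label if the appended-code region holds the markers."""
    # The entry says the virus sits at the end of the host, so only the last
    # N bytes are searched; a file no longer than N cannot be host + virus.
    if len(data) > TAIL_1000:
        tail = data[-TAIL_1000:]
        if all(m in tail for m in MARKERS_1000):
            return "Cancerbero.1000.A" if MARKER_1000A in tail else "Cancerbero.1000.B"
    if len(data) > TAIL_677 and MARKER_677 in data[-TAIL_677:]:
        return "Cancerbero.677"
    return None


def scan_directory(directory):
    """Map each flagged .COM file name in `directory` to its variant label."""
    hits = {}
    for path in sorted(Path(directory).iterdir()):
        if path.is_file() and path.suffix.lower() == ".com":
            label = classify_tail(path.read_bytes())
            if label:
                hits[path.name] = label
    return hits


def constructed_sample(markers, size, host=b"\x90" * 300):
    """Inert test data: filler host plus a `size`-byte tail holding `markers`."""
    body = b"\x00" * 16 + b"\x00".join(markers)
    return host + body.ljust(size, b"\x00")


if __name__ == "__main__":
    import sys
    for name, label in scan_directory(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{name}: tail markers match {label}")
```

Because the match is restricted to the last 1,000 or 677 bytes, a file that only mentions these strings elsewhere is not flagged; confirm any hit with one of the scanners named under Detection Method.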