Carzy Virus


 Virus Name:  Carzy 
 Aliases:     Carzy.A 
 V Status:    New 
 Discovery:   April, 1995 
 Symptoms:    .COM & .EXE growth; TSR; file date/time changes; 
              programs fail to function properly; zero byte hidden file 
 Origin:      Taiwan 
 Eff Length:  9,849 - 9,863 Bytes 
 Type Code:   PRsA - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, F-Prot, NAV, AVTK, Sweep, IBMAV, NAVDX, 
                    VAlert, PCScan, ChAV, 
                    Sweep/N, AVTK/N, NShld, IBMAV/N, NAV/N, LProt, Innoc 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Carzy or Carzy.A virus was received in April, 1995.  It appears 
       to be from Taiwan.  Carzy is a memory resident infector of .COM and 
       .EXE files, but not COMMAND.COM. 
 
       When the first Carzy infected program is executed, this virus will 
       install itself memory resident as a low system memory TSR of 10,160 
       bytes.  Interrupt 21 will be hooked by the virus in memory. 
 
       Once the Carzy virus is memory resident, it will infect .COM and 
       .EXE files when they are executed.  Programs infected with the 
       Carzy virus will have a file length increase of 9,849 to 9,863 bytes 
       with the virus being located at the end of the file.  The program's 
       date and time in the DOS disk directory listing will have been 
       updated to the current system date and time when infection occurred. 
       The following text strings are visible within the viral code in all 
       infected files: 
 
               "Ruei-Chiang Virus   by Mad Satan" 
               "\Satan_*.*" 
               "\Satan_" 
               "1994 (C) Copyright Ruei-Chiang Virus Written by Mad 
                Satan in TAIWAN." 
               "Carzy !!! Another Masterpiece of Satan....." 
               "Don't Worry I just a Virus." 
               "Satan Ver 3.01    - Mad Satan -" 
               "Mad Satan Mad Satan" 
 
       The last text string is actually repeated several times in a block. 
 
       Programs infected with the Carzy virus will usually fail to function 
       when executed, returning the system user to the DOS prompt.  The 
       virus will also write a zero (0) byte file with the name "SATAN_05" 
       to infected disks which will have the read-only, system, and hidden 
       attributes set. 
 
       Known variant(s) of Carzy are: 
       Carzy.B: Received in July, 1995, Carzy.B is a variant of the 
           Carzy virus described above.  The following text string is visible 
           within the viral code in all infected files: 
           "\COMMAND.COM Program too big to fit in memory" 
           This virus will write a zero (0) byte file to infected disks 
           with the file name "abbaĞ|38" with the read-only, system, and 
           hidden attributes set. 
           Origin:  Unknown  July, 1995.

Show viruses from discovered during that infect .

Main Page