834 Virus
Virus Name: 834
Aliases: Arab
V Status: Rare
Discovery: February, 1991
Symptoms: .COM file growth; TSR; partition table altered; unexpected
disk accesses to hard disk; attempts to boot from hard disk
may hang
Origin: Saudi Arabia
Eff Length: 834 Bytes
Type Code: PRsC - Parasitic Resident COM Infector
Detection Method: ViruScan, F-Prot, Sweep, AVTK, ChAV,
NAV, IBMAV, NAVDX, VAlert, PCScan,
NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N,
NAV/N, IBMAV/N
Removal Instructions: Delete infected files
General Comments:
The 834 virus was received in February, 1991. Its origin is
unknown. This virus is a memory resident infector of .COM files,
but not COMMAND.COM.
The first time a program infected with the 834 virus is executed,
the virus will install itself memory resident as a low system memory
TSR of 1,808 bytes. Interrupt 21 will be hooked by the virus as
well. At this time, the virus will access the hard disk partition
table, altering it.
After the 834 virus is memory resident, it will infect .COM
files greater than 4K in length as they are executed.
COMMAND.COM, however, will not be infected. Infected files will
increase in length by 834 bytes, with the virus located at the
end of the infected program. The file date and time in the disk
directory are not altered by the virus.
Systems infected with the 834 virus may notice unexpected accesses
to the system hard disk when executing programs from a diskette.
These accesses are the virus accessing the hard disk partition table
each time an infected program is executed, or a program is infected
by the virus. The system's hard disk partition table does not
contain an infectious copy of the virus, but has been altered so
that later attempts to boot the system from the system hard disk may
result in a system hang occurring during the boot process.
Known variant(s) of 834 are:
834-B: (Arab) Similar to the original virus, this variant will
infect .COM files other than COMMAND.COM which are greater
than 1K in length before infection. Two text strings occur
within this variant's code: "nsed Materi" and "COMMAND.COM".
Low system memory TSR is 1,792 bytes in length.
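
The file-level symptoms above (834-byte growth of .COM files, unchanged directory date and time, COMMAND.COM skipped, and the minimum lengths of each variant) can be checked against a file-size baseline. The following is an added example, not part of the original entry; the snapshot format, the function names and the sample file names are assumptions, and "4K"/"1K" are read as 4096/1024 bytes.

```python
import ntpath

GROWTH = 834                                   # growth per infected file (from the entry)
MIN_LEN = {"834": 4096, "834-B": 1024}         # "4K"/"1K" read as 4096/1024 (assumption)
B_STRINGS = (b"nsed Materi", b"COMMAND.COM")   # text strings listed for 834-B


def match_variants(name, old, new, tail=None):
    """old/new are (size, mtime) pairs; tail is the file's last 834 bytes, if read."""
    base = ntpath.basename(name).upper()
    if not base.endswith(".COM") or base == "COMMAND.COM":
        return []                              # only .COM files, never COMMAND.COM
    if new[0] - old[0] != GROWTH or new[1] != old[1]:
        return []                              # need +834 bytes with untouched timestamp
    hits = [v for v, floor in MIN_LEN.items() if old[0] > floor]
    if tail is not None and all(s in tail for s in B_STRINGS):
        hits = [v for v in hits if v == "834-B"]   # both strings present: variant B
    return hits


def scan(baseline, current, tails=None):
    """Compare two {path: (size, mtime)} snapshots; return {path: [variant names]}."""
    tails = tails or {}
    report = {}
    for name, old in baseline.items():
        if name in current:
            hits = match_variants(name, old, current[name], tails.get(name))
            if hits:
                report[name] = hits
    return report


# Constructed sample snapshots (not real measurements).
BASELINE = {
    "C:\\DOS\\COMMAND.COM": (47845, 100), "C:\\DOS\\FORMAT.COM": (32911, 100),
    "C:\\UTIL\\SMALL.COM": (2000, 200), "C:\\UTIL\\EDIT.COM": (9000, 300),
    "C:\\UTIL\\TINY.COM": (900, 400),
}
CURRENT = {
    "C:\\DOS\\COMMAND.COM": (48679, 100),   # +834, but COMMAND.COM is never infected
    "C:\\DOS\\FORMAT.COM": (33745, 100),    # +834, same timestamp
    "C:\\UTIL\\SMALL.COM": (2834, 200),     # +834, original between 1K and 4K
    "C:\\UTIL\\EDIT.COM": (9834, 999),      # +834, but timestamp changed
    "C:\\UTIL\\TINY.COM": (1734, 400),      # +834, but original under 1K
}
TAILS = {"C:\\DOS\\FORMAT.COM": b"\x90" * 10 + b"nsed Materi" + b"COMMAND.COM"}

if __name__ == "__main__":
    for path, variants in scan(BASELINE, CURRENT, TAILS).items():
        print(path, "matches", ", ".join(variants))
```

A match is only an indicator for follow-up with one of the scanners listed under Detection Method; an 834-byte size difference alone does not identify the virus.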