CB-1530 Virus

Virus Name: CB-1530 Aliases: 1530 V Status: Rare Discovery: November, 1991 Symptoms: .COM & .EXE file growth; decrease in total system & available free memory Origin: Unknown Eff Length: 1,530 - 1,544 Bytes Type Code: PRhAK - Parasitic Resident .COM & .EXE Infector Detection Method: ViruScan, Sweep, AVTK, F-Prot, ChAV, NAV, IBMAV, NAVDX, VAlert, PCScan, NShld, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N, LProt Removal Instructions: Delete infected files General Comments: The CB-1530 virus was received in November, 1991. Its origin, or point of original isolation, are unknown. CB-1530 is a memory resident infector of .COM and .EXE programs, including COMMAND.COM. It is based on the Dark Avenger virus, and anti-viral software may detect it as such. The first time a program infected with CB-1530 is executed, the virus will install itself memory resident at the top of system memory but below the 640K DOS boundary. Total system and available free memory, as measured with the DOS CHKDSK program, will have decreased by 3,696 bytes. Interrupts 21 and 27 will be hooked by CB-1530 in memory. Interrupt 12's return will not have been moved. Once CB-1530 has become memory resident, it will infect .COM and .EXE programs (other than very small ones) when they are executed. Infected .COM programs will have increased in length by 1,530 bytes. .EXE programs will have increased in size by 1,530 to 1,544 bytes. In both cases, the virus will be located at the end of the infected file. There will be no change to the file's date and time in the DOS disk directory. One text string will be found in infected programs: "CB". It is unknown what CB-1530 does besides replicate. See: Alexander Dark Avenger Edcl Father