Chaos Year Virus

Virus Name: Chaos Year Aliases: Chaos Year.1837 V Status: Rare Discovery: April, 1994 Symptoms: .COM & .EXE growth; DOS CHKDSK file allocation errors; decrease in total system & available free memory; file date/time seconds = "60" Origin: Unknown Eff Length: 1,837 Bytes Type Code: PRhAK - Parasitic Resident .COM & .EXE Infector Detection Method: ViruScan, F-Prot, IBMAV, NAV, AVTK, Sweep, NAVDX, VAlert, PCScan, NProt, AVTK/N, NShld, Sweep/N, IBMAV/N, NAV/N Removal Instructions: Delete infected files General Comments: The Chaos Year, or Chaos Year.1837, virus was submitted in April, 1994. Its origin or point of isolation is unknown. This virus is a memory resident infector of .COM and .EXE programs, including COMMAND.COM, which exhibits some stealth characteristics. When the first Chaos Year infected program is executed, this virus will install itself memory resident at the top of system memory but below the 640K DOS boundary, not moving interrupt 12's return. Total system and available free memory, as indicated by the DOS CHKDSK program, will have decreased by 2,560 bytes. Interrupt 21 will be hooked by the virus in memory. Once the Chaos Year virus is memory resident, it will infect .COM and .EXE programs when they are executed. Infected programs will have a file length increase of 1,837 bytes with the virus being located at the end of the file, though the file length increase will be hidden when the virus is memory resident. The program's date and time in the DOS disk directory listing will appear to be unaltered, but the seconds field will have been set to "60". The following text string is encrypted within the viral code: "chao1837" Systems infected with the Chaos Year virus will find that the DOS CHKDSK program will detect file allocation errors on all infected files when the virus is memory resident. It is unknown what else Chaos Year may do.