Chill Virus


 Virus Name:  Chill 
 Aliases:    
 V Status:    New 
 Discovery:   August, 1994 
 Symptoms:    .COM file growth; 
              decrease in total system & available free memory 
 Origin:      Unknown 
 Eff Length:  544 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method:  F-Prot, AVTK, IBMAV, Sweep, ViruScan, NAV, NAVDX, 
                    VAlert, PCScan, ChAV, 
                    NShld, IBMAV/N, Innoc, AVTK/N, Sweep/N, NAV/N, LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Chill virus was submitted in August, 1994.  Its origin or point 
       of isolation is unknown.  Chill is a memory resident infector of .COM 
       programs, including COMMAND.COM. 
 
       When the first Chill infected program is executed, this virus will 
       install itself memory resident at the top of system memory but below 
       the 640K DOS boundary, not moving interrupt 12's return.  Total system 
       and available free memory, as indicated by the DOS CHKDSK program, 
       will have decreased by 1,232 bytes.  Interrupt 21 will be hooked by 
       the virus in memory.  Also at this time, the virus will infect the 
       first .COM file in the current directory if it was not previously 
       infected. 
 
       Once the Chill virus is memory resident, it will infect .COM programs 
       when they are executed, opened, or copied.  Infected programs will 
       increase in size by 544 bytes with the virus being located at the end 
       of the file.  The program's date and time in the DOS disk directory 
       listing will not be altered.  The following text string is encrypted 
       within the viral code: 
 
               "[CHiLL TOUCH] you cannot touch these phantoms" 
 
       It is unknown what Chill might do besides replicate.

Show viruses from discovered during that infect .

Main Page