Chomik Virus


 Virus Name:  Chomik 
 Aliases:     Chomik.718 
 V Status:    New 
 Discovery:   June, 1996 
 Symptoms:    .EXE file growth; decrease in available free memory; 
              file date/time seconds = "62" 
 Origin:      Unknown 
 Eff Length:  718 Bytes 
 Type Code:   PRhE - Parasitic Resident .EXE Infector 
 Detection Method:  ChAV, NAV, NAVDX, ViruScan 2.54+, AVTK 7.68+, 
                    Innoc, NAV/N, AVTK/N 7.68+, NShld 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Chomik virus was received in June, 1996.  Its origin or point 
       of isolation is unknown.  Chomik is a memory resident infector of 
       .EXE files. 
 
       When the first Chomik-infected program is executed, the virus will 
       become memory resident at the top of system memory but below the 
       640K DOS boundary, without changing the memory size returned by 
       interrupt 12.  Available free memory, as indicated by the DOS 
       CHKDSK program from DOS 5.0, will have decreased by 768 bytes.  
       Interrupts 09 and 21 will be hooked by the virus in memory. 
 
       Once the Chomik virus is memory resident, it will infect .EXE files 
       when they are executed.  Infected files will have a file length 
       increase of 718 bytes with the virus being located at the end of 
       the file.  The program's date and time in the DOS disk directory 
       listing will appear to be altered, though the seconds field will 
       have been set to "62".  No text strings are visible within the 
       viral code. 
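 
       The seconds value of "62" is possible because a FAT directory entry 
       stores seconds as a 5-bit count of two-second units, so the raw 
       value 31 decodes to 62.  The Python sketch below is an added 
       example, not part of the original entry: it scans raw directory 
       entries for .EXE files carrying that marker.  The sample directory 
       is constructed and the function names are hypothetical. 

```python
import struct

DIRENT_SIZE = 32                 # one FAT12/16 short-name directory entry
ATTR_VOLUME_ID = 0x08            # also set in long-file-name entries (0x0F)
ATTR_DIRECTORY = 0x10


def decode_dos_time(raw):
    """Split the 16-bit FAT time word into (hour, minute, second)."""
    return (raw >> 11) & 0x1F, (raw >> 5) & 0x3F, (raw & 0x1F) * 2


def find_marked_exes(directory_bytes):
    """Return names of .EXE entries whose stored seconds value is 62."""
    hits = []
    for off in range(0, len(directory_bytes) - DIRENT_SIZE + 1, DIRENT_SIZE):
        entry = directory_bytes[off:off + DIRENT_SIZE]
        if entry[0] == 0x00:     # no further entries in this directory
            break
        if entry[0] == 0xE5:     # deleted entry
            continue
        if entry[11] & (ATTR_VOLUME_ID | ATTR_DIRECTORY):
            continue             # skip labels, LFN fragments, subdirectories
        name = entry[0:8].decode("ascii", "replace").rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        (time_word,) = struct.unpack_from("<H", entry, 22)
        if ext == "EXE" and decode_dos_time(time_word)[2] == 62:
            hits.append(f"{name}.{ext}")
    return hits


def _make_entry(name, ext, hour, minute, sec_field, attr=0x20):
    """Build one constructed 32-byte entry (sample data only)."""
    time_word = (hour << 11) | (minute << 5) | sec_field
    date_word = ((1996 - 1980) << 9) | (6 << 5) | 15
    return struct.pack("<8s3sB10sHHHI", name.ljust(8).encode(),
                       ext.ljust(3).encode(), attr, b"\0" * 10,
                       time_word, date_word, 2, 4096)


# Constructed sample: one marked .EXE, one clean .EXE, one marked non-.EXE.
SAMPLE_DIR = (_make_entry("GAME", "EXE", 12, 30, 31)
              + _make_entry("EDIT", "EXE", 9, 15, 14)
              + _make_entry("NOTES", "TXT", 8, 0, 31)
              + b"\0" * DIRENT_SIZE)

if __name__ == "__main__":
    print(find_marked_exes(SAMPLE_DIR))
```

       A match is a triage indicator only; confirm it with one of the 
       scanners listed under Detection Method. 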
