Cmdr Bomber Virus

Virus Name: Cmdr Bomber Aliases: V Status: Rare Discovery: May, 1992 Symptoms: .COM file growth; TSR Origin: Bulgaria Eff Length: 4,096 Bytes Type Code: PRhC - Parasitic Resident .COM Infector Detection Method: AVTK, IBMAV, Sweep, F-Prot, NAV, NAVDX, VAlert, ViruScan, ChAV, Sweep/N, Innoc, AVTK/N, IBMAV/N, NAV/N, NShld Removal Instructions: Delete infected files General Comments: The Cmdr Bomber virus was submitted in May, 1992. It originated in Bulgaria, and is believed have been written by the same person whom wrote the Dark Avenger virus. Cmdr Bomber is unusual in the method in which it infects files, which complicates the detection process for anti-viral programs using certain types of scanning technology. When the first program infected with the Cmdr Bomber virus is executed, the Cmdr Bomber virus will install itself memory resident as a low system memory TSR of 2,752 bytes. Interrupt 21 will be hooked by the Cmdr Bomber virus in memory. Once the Cmdr Bomber virus is memory resident, it will infect .COM programs other than COMMAND.COM when they are executed. Infected programs will increase in size by 4,096 bytes. The beginning of the file will have a number of garbled bytes at the beginning which will result in the execution of the program jumping to a location in the middle of the file where the virus has located its viral code. In effect, the virus will be located in the middle of the infected .COM file. The program's date and time in the DOS disk directory listing will not be altered. The following text strings can be found within the viral code in Cmdr Bomber infected programs: "COMMANDER BOMBER WAS HERE" "[DAME] [DAME]" This virus is not related the the Bomber virus which is from Malaysia.