CorpLife Virus

Virus Name: CorpLife Aliases: CorpLife.1937 V Status: New Discovery: July, 1995 Symptoms: .EXE file growth; TSR; file date/time year changed Origin: North America Eff Length: 1,937 Bytes Type Code: PRsE - Parasitic Resident .EXE Infector Detection Method: IBMAV, VAlert, AVTK, PCScan, NAV, NAVDX, ViruScan, ChAV, AVTK/N, IBMAV/N, NShld, LProt, NAV/N, Innoc 4.0+ Removal Instructions: Delete infected files General Comments: The CorpLife or CorpLife.1937 virus was received in July, 1995. It appears to be from North America. CorpLife is a memory resident polymorphic stealth virus which infects .EXE files. Infected systems with soundblaster cards installed may experience talking or other sounds being emitted from the system speakers. When the first CorpLife infected program is executed, this virus will install itself memory resident as a low system memory TSR of 3,808 bytes, hooking interrupt 21. Memory mapping utilities may show this TSR as an increase in the size of the last loaded TSR. Once the CorpLife virus is memory resident, it will infect .EXE files when they are executed or when a DOS DIR command is issued. Programs infected with the CorpLife virus will have a file length increase of 1,937 bytes, though this file length increase will be hidden when the virus is memory resident. The virus will be located at the end of the file. The program's date and time in the DOS disk directory listing will not appear to be altered, though forty years may have been added to the date. The following text strings are encrypted within the viral code: "-=[$$$ Corporate Life $$$]=- P$" "Fuck Corporat Life." This virus contains code to deactivate the VSafe anti-viral program in memory.