Crazy_Lord Virus
Virus Name: Crazy_Lord
Aliases: Crazy_Lord.457
V Status: New
Discovery: July, 1995
Symptoms: .EXE file header altered; file date/time changes
Origin: Unknown
Eff Length: 457 Bytes (Overwriting)
Type Code: PRaE - Overwriting Resident .EXE Infector
Detection Method: NAV, NAVDX, ViruScan, IBMAV, VAlert, AVTK, PCScan, F-Prot, ChAV, AVTK/N, NAV/N, IBMAV/N, NShld, Innoc 4.0+
Removal Instructions: Delete infected files
General Comments:
The Crazy_Lord virus was received in July, 1995. Its origin or
point of isolation is unknown. Crazy_Lord is a memory resident
infector of .EXE files. It is a full stealth virus.
When the first Crazy_Lord infected program is executed, this virus
will become memory resident in allocated system memory. This virus
directly hooks interrupts in a way that interrupt mapping utilities
will not be able to map the interrupts to it. Also at this time,
the virus will infect all of the .EXE files located in the current
directory.
Once the Crazy_Lord virus is memory resident, it will infect .EXE
files when they are executed. Infected .EXE files will have no
increase in the file's length as the virus overwrites 457 bytes of
the .EXE file header (which is the first 512 bytes of the host
file). Infected programs will have their date and time in the
DOS disk directory listing updated to the current system date and
time when infection occurred. The following text strings are
visible within the viral code:
"Written By Crazy Lord (Ming)"
"Made In Hong Kong"
Crazy_Lord is a full stealth virus, disinfecting programs as they
are read into memory. As such, anti-viral programs unaware of this
virus will not be able to detect the virus when it is memory
resident.
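
An added example (not part of the original entry): a Python check that reads the first 512 bytes of each .EXE file and reports the two text strings listed above, together with the file's modification time. It assumes the strings are stored unencrypted in the overwritten header on disk, and the scan has to run on a system where the virus is not resident, since the entry says infected programs are disinfected as they are read. The function names and sample files are constructed for illustration.

```python
import os
import tempfile

HEADER_REGION = 512  # per the entry: 457 bytes overwritten inside the first 512
MARKERS = (b"Written By Crazy Lord (Ming)", b"Made In Hong Kong")

def check_header(data):
    """Return the marker strings present in the first 512 bytes of a file image."""
    region = data[:HEADER_REGION]
    return [m.decode("ascii") for m in MARKERS if m in region]

def scan_tree(root):
    """Walk root; return {path: (markers_found, mtime)} for .EXE files with a hit."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue  # the entry describes an .EXE-only infector
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    found = check_header(fh.read(HEADER_REGION))
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if found:
                # mtime is reported because infection resets the date/time
                hits[path] = (found, os.path.getmtime(path))
    return hits

def build_samples(root):
    """Write constructed sample files (zero padding plus markers, no virus code)."""
    clean = b"MZ" + bytes(510) + b"program body"
    marked = (bytes(100) + MARKERS[0] + bytes(20) + MARKERS[1]).ljust(HEADER_REGION, b"\x00")
    late = b"MZ" + bytes(600) + MARKERS[0]  # marker lies outside the header region
    samples = (("CLEAN.EXE", clean), ("MARKED.EXE", marked + b"program body"),
               ("LATE.EXE", late), ("NOTE.TXT", marked))
    for name, data in samples:
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        for path, (found, mtime) in sorted(scan_tree(tmp).items()):
            print(path, found, mtime)
```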