Criminal Virus
Virus Name: Criminal
Aliases:
V Status: Rare
Discovery: January, 1992
Symptoms: .COM file growth; TSR; file allocation error on COMMAND.COM
Origin: Unknown
Eff Length: 2,615 Bytes
Type Code: PRsCK - Parasitic Resident .COM Infector
Detection Method: ViruScan, AVTK, F-Prot, Sweep, NAV, NAVDX, IBMAV, VAlert,
PCScan, ChAV, NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, IBMAV/N, NAV/N
Removal Instructions: Delete infected files
General Comments:

The Criminal virus was submitted in January, 1992. Its origin or
point of isolation is unknown. Criminal is a memory resident
infector of .COM files, including COMMAND.COM.

The first time a program infected with the Criminal virus is
executed, the virus will install itself memory resident as
a low system memory TSR of 480 bytes. This TSR will have hooked
interrupts 21, D0, and EA. An additional TSR of 3,712 bytes will
also be installed, though it will not have hooked any interrupts.
At this time, the Criminal virus will infect the first three .COM
files in the current directory.

The original sample of Criminal received by the author of VSUM
does not infect programs other than when it becomes memory
resident. Further, the virus is only infectious from the original
sample, not from replicated samples.

Programs infected with the Criminal virus will increase in size
by 2,615 bytes. The virus will be located at the end of the
infected program. The file's date and time in the DOS disk
directory listing will not have been altered.

On systems infected with Criminal, the DOS CHKDSK program may
indicate that COMMAND.COM has a file allocation error.
This error only appears if the system has been booted from an
infected COMMAND.COM file.

It is unknown if Criminal does anything besides replicate.
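
The size and timestamp symptoms described above can be checked against a
known-good file listing. The following is an added example, not part of the
original VSUM entry: the function names, the snapshot format and the sample
values are assumptions made for illustration.

```python
import os

GROWTH = 2615  # effective length of Criminal, as stated in this entry


def snapshot(directory):
    """Map each .COM file name (upper-cased) to (size, mtime in whole seconds)."""
    snap = {}
    with os.scandir(directory) as entries:
        for entry in entries:
            if entry.is_file() and entry.name.upper().endswith(".COM"):
                st = entry.stat()
                snap[entry.name.upper()] = (st.st_size, int(st.st_mtime))
    return snap


def find_suspects(baseline, current, growth=GROWTH):
    """Compare two snapshots and return {name: reason} for .COM files that
    grew by exactly `growth` bytes. "size+timestamp" means the date and time
    were also preserved, which matches the entry; "size-only" means the file
    grew by the same amount but its timestamp changed."""
    suspects = {}
    for name, (old_size, old_mtime) in baseline.items():
        if name not in current:
            continue  # deleted or renamed files are out of scope here
        new_size, new_mtime = current[name]
        if new_size - old_size == growth:
            kept = new_mtime == old_mtime
            suspects[name] = "size+timestamp" if kept else "size-only"
    return suspects


# Constructed sample snapshots (sizes and timestamps are made up).
BASELINE = {"COMMAND.COM": (47845, 671241600),
            "EDIT.COM": (413, 671241600),
            "MORE.COM": (2618, 671241600)}
CURRENT = {"COMMAND.COM": (50460, 671241600),   # +2,615, same timestamp
           "EDIT.COM": (413, 671241600),        # unchanged
           "MORE.COM": (5233, 700000000)}       # +2,615, timestamp changed

if __name__ == "__main__":
    for name, reason in sorted(find_suspects(BASELINE, CURRENT).items()):
        print(f"{name}: grew by {GROWTH} bytes ({reason})")
```

A match is only an indicator that a file deserves a scan with one of the
listed detection tools; the baseline must come from a system known to be clean.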

Known variant(s) of Criminal are:

Criminal-B: Similar to the original virus, this variant infects
            one .COM program each time an infected program is
            executed, though it does not infect more than the first
            three .COM programs in a directory. Its size in memory
            is 470 bytes. Nineteen bytes differ from the original
            virus.
            Origin: Unknown  October, 1992.