Damage Virus


 Virus Name:  Damage 
 Aliases:     Damage-B 
 V Status:    Rare 
 Discovery:   May, 1991 
 Symptoms:    .COM & .EXE growth; decrease in total system and available 
              memory; screen effects; "Sector not found" errors 
 Origin:      Italy 
 Eff Length:  1,063 bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, AVTK, F-Prot, Sweep, ChAV, 
                    NAV, IBMAV, NAVDX, VAlert, PCScan, 
                    NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, 
                    NAV/N, IBMAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Damage virus was received from Europe in May, 1991.  Damage is 
       based on the Diamond variant of V1024.  It is a memory resident 
       infector of .COM and .EXE programs, including COMMAND.COM. 
 
       When the first Damage infected program is executed on a system, 
       Damage will install itself memory resident at the top of system 
       memory but below the 640K DOS boundary.  Total system and available 
       free memory, as measured by the DOS CHKDSK program, will decrease 
       by 1,120 bytes.  Interrupts 08 and 21 will be hooked by the virus. 
 
       Once Damage is memory resident, it will infect .COM and .EXE 
       programs over approximately 1K in size when they are executed. 
       If COMMAND.COM is executed, it will become infected.  Infected 
       programs will increase in size by 1,063 bytes with the virus being 
       located at the end of the infected file.  The file length increase, 
       however, will be hidden if Damage is memory resident.  If the 
       infected program's file time in the disk directory was originally 
       12:00a, its time will be blank when displayed if Damage is memory 
       resident. 
 
       The DOS CHKDSK program will not find file allocation errors as it 
       will with some stealth type viruses when Damage is memory resident. 
 
       Damage activates when the system time is 14:59:53.  At that time, 
       it will have a large, multi-color diamond appear in the center of 
       the system display.  The diamond will then break up into smaller 
       diamonds which shoot around the screen cleaning off characters on 
       the display. 
 
       Occasionally, the Damage virus will format a section of the current 
       disk drive.  This formatting will result in "Sector not found" 
       errors when the user attempts to read a file may have been 
       damaged, or if the user attempts to write to one of these areas. 
 
       Programs infected with Damage will have the following text string 
       located near the end of the infected file: 
 
               "DAMAGE!!!!" 
 
       Known variant(s) of Damage are: 
       Damage-B: Damage-B is a 1,110 byte variant of Damage, this 
                 variant will not infect COMMAND.COM.  The decrease in 
                 total system and available memory will be 1,152 bytes. 
                 Two text strings can be found in infected programs: 
 
                 "Jump for joy!!!" 
                 "DAMAGE-B!!" 
 
                 Damage-B may be detected as Lucifer by some anti-viral 
                 programs as it is very similar. 
 
       See:   Alfa   Lucifer   V1024

Show viruses from discovered during that infect .

Main Page