Dead-790 Virus


 Virus Name:  Dead-790    
 Aliases:     Dead 
 V Status:    Rare 
 Discovered:  January, 1994 
 Symptoms:    .COM file growth; 
              decrease in total system & available free memory 
 Origin:      Unknown 
 Eff Length:  790 bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method:  ViruScan, Sweep, F-Prot, IBMAV, ChAV, 
                    AVTK, NAV, NAVDX, VAlert, PCScan, 
                    NProt, NShld, Sweep/N, AVTK/N, IBMAV/N, Innoc, NAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Dead-790, or Dead, virus was submitted in January, 1994.  Dead-790 
       is a memory resident infector of .COM programs, including COMMAND.COM. 
       It receives its name from the combination of two text strings which 
       occur within the viral code. 
 
       When the first Dead-790 infected program is executed, this virus will 
       become memory resident at the top of system memory but below the 640K 
       DOS boundary, without changing the memory size returned by interrupt 
       12.  Total system and available free memory, as indicated by the DOS 
       CHKDSK program, will have decreased by 800 bytes.  Interrupt 21 will 
       be hooked by the virus in memory. 
 
       Once the Dead-790 virus is memory resident, it will infect .COM 
       programs, including COMMAND.COM, when they are executed or opened for 
       any reason.  Infected programs will have a file length increase of 
       790 bytes with the virus being located at the end of the file.  The 
       program's date and time in the DOS disk directory listing will not be 
       altered.  Two text strings can be found within Dead-790 infected 
       files: 
 
               "DE" 
               "AD" 
 
       The first text string will start in the fourth byte of the infected 
       file while the last text string will be at the very end of the file. 
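
The markers described above can be turned into a file check. The following Python code is an added example, not part of the original entry or of any scanner listed in it: it flags .COM files longer than 790 bytes that have "DE" starting in the fourth byte and "AD" as the last two bytes. The function names and sample files are constructed for illustration (filler bytes only), and a match is a heuristic hint, since unrelated files can contain the same two-byte strings.

```python
import os
import tempfile

VIRUS_LEN = 790      # "Eff Length" given in the entry
HEAD_MARK = b"DE"    # starts in the fourth byte, i.e. offset 3
TAIL_MARK = b"AD"    # sits at the very end of the file

def has_dead790_markers(data: bytes) -> bool:
    """True if the bytes carry both markers the entry describes."""
    # An infected file is host + 790 bytes, so anything shorter cannot match.
    if len(data) <= VIRUS_LEN:
        return False
    return data[3:5] == HEAD_MARK and data.endswith(TAIL_MARK)

def scan_tree(root: str) -> list:
    """Return sorted paths of .COM files under root that carry both markers."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.upper().endswith(".COM"):
                continue  # the entry lists only .COM programs as targets
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if has_dead790_markers(data):
                hits.append(path)
    return sorted(hits)

def build_samples(root: str) -> None:
    """Write constructed sample files: filler bytes only, no viral code."""
    samples = {
        "CLEAN.COM": b"\x90" * 900,
        "MARKED.COM": b"\x90" * 3 + HEAD_MARK + b"\x00" * 900 + TAIL_MARK,
        "SHORT.COM": b"\x90" * 3 + HEAD_MARK + TAIL_MARK,  # markers, too small
        "NOTES.TXT": b"\x90" * 3 + HEAD_MARK + b"\x00" * 900 + TAIL_MARK,
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        for path in scan_tree(tmp):
            print("possible Dead-790 markers:", os.path.basename(path))
```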
  
