Demolition Virus
Virus Name: Demolition
Aliases:
V Status: Rare
Discovered: December, 1991
Symptoms: .COM file growth; TSR; system hangs
Origin: Unknown
Eff Length: 1,585 Bytes
Type Code: PRsCK - Parasitic Resident .COM Infector
Detection Method: ViruScan, AVTK, F-Prot, Sweep, ChAV,
NAV, IBMAV, NAVDX, VAlert, PCScan,
NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N,
NAV/N, IBMAV/N
Removal Instructions: Delete infected programs
General Comments:
The Demolition virus was submitted in December, 1991. Its origin
or point of original isolation is unknown. Demolition is a memory
resident infector of .COM programs, including COMMAND.COM.

When the first Demolition-infected .COM program is executed, the
Demolition virus will install itself memory resident as a low system
memory TSR of 1,904 bytes. It will have hooked interrupt 21.

Once the Demolition virus is memory resident, it will infect .COM
programs, including COMMAND.COM, when they are executed. Infected
.COM programs will have a file length increase of 1,585 bytes. The
virus will be located at the end of the infected file. The file's
date and time in the DOS disk directory listing will not have been
altered. The following text string can be found within the viral
code in Demolition-infected files:

"UZD(T!EFNPMJUJPO"

The Demolition virus will occasionally hang the system when it
infects files. When the infected file is later executed, it will
also result in a system hang.

It is unknown if the Demolition virus contains any damage potential.
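
The file-level indicators above (appended code, 1,585 bytes of growth, the quoted text string) can be turned into a read-only triage check. The following is an added example, not part of the original entry or of any listed scanner; the function names and the constructed sample image are assumptions made for illustration.

```python
import os

MARKER = b"UZD(T!EFNPMJUJPO"  # text string quoted in the entry
VIRUS_LEN = 1585              # stated growth; the entry places the virus at end of file

def check_com_image(data):
    """Return a finding dict if MARKER lies in the last VIRUS_LEN bytes, else None."""
    if len(data) <= VIRUS_LEN:          # too small to hold a host plus the appended code
        return None
    tail_start = len(data) - VIRUS_LEN
    pos = data.find(MARKER, tail_start)
    if pos == -1:
        return None
    return {"marker_offset": pos,
            "offset_in_tail": pos - tail_start,
            "pre_infection_size": tail_start}  # size to compare with a known-good copy

def scan_tree(root):
    """Read-only walk of root; returns [(path, finding)] for matching .COM files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.upper().endswith(".COM"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    finding = check_com_image(fh.read())
            except OSError:
                continue  # unreadable file: skip it and keep scanning
            if finding:
                hits.append((path, finding))
    return hits

def shift_down(raw):
    """Subtract 1 from each byte (an observation of this example, not a claim from the entry)."""
    return bytes(b - 1 for b in raw).decode("ascii")

def constructed_sample(host_len=300, marker_at=100):
    """Constructed test image: filler host plus a 1,585-byte tail holding MARKER.
    marker_at is arbitrary; the entry does not give the string's position."""
    tail = bytearray(VIRUS_LEN)
    tail[marker_at:marker_at + len(MARKER)] = MARKER
    return b"\x90" * host_len + bytes(tail)

if __name__ == "__main__":
    print(check_com_image(constructed_sample()))
    print(shift_down(MARKER))
```

A match only flags a candidate: the directory date and time are unchanged by infection, so the reported pre-infection size is the value to compare against a known-good copy of the program.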