Dig Death Virus
Virus Name: Dig Death
Aliases: Dig Death.1062
V Status: New
Discovered: January, 1996
Symptoms: .COM & .EXE growth; file date/time seconds = "58";
decrease in available free memory
Origin: Unknown
Eff Length: 1,062 Bytes
Type Code: PRhAK - Parasitic Resident .COM & .EXE Infector
Detection Method: F-Prot, AVTK 7.61+, IBMAV, ViruScan 2.51+,
NAV 3.09 9608+, NAVBoot 0.A 9608+, ChAV,
Innoc 4.0+, AVTK/N 7.61+, IBMAV/N, NShld 2.32 9607+,
NAV/N 2.0 9608+
Removal Instructions: Delete infected files
General Comments:
The Dig Death virus was received in January, 1996. Its origin or
point of isolation is unknown. Dig Death is a memory-resident,
size-stealthing fast infector of .COM and .EXE files, including
COMMAND.COM.
When the first Dig Death infected program is executed, the virus
will install itself memory resident at the top of system memory but
below the 640K DOS boundary, without changing the value returned by
interrupt 12. Available free memory, as indicated by the DOS CHKDSK
program from DOS 5.0, will have decreased by 1,200 bytes. Interrupts
09 and 21 will be hooked by the virus in memory.
Once the Dig Death virus is memory resident, it will infect .COM
and .EXE files, including COMMAND.COM, when they are executed,
opened, or copied. Infected files will have a file length increase
of 1,062 bytes, though this file length increase will be hidden
by the virus when it is memory resident. The virus will be located
at the end of the file. The program's date and time in the DOS
disk directory listing will not appear to be altered, though the
seconds field will have been set to "58". The following text
string is encrypted within the viral code:
"Digital Death v.0.91 - (c)'95 Immortal Riot"
Known variant(s) of Dig Death are:
Dig Death.1153: Also received in January, 1996, this variant's
size in memory is 1,168 bytes, hooking interrupts 09, 21, and
24. Files infected with this variant will have a file length
increase of 1,153 bytes with the virus being located at the
end of the file. The increase in file size will be hidden by
the virus when it is memory resident. The program's date and
time in the DOS disk directory listing will not appear to be
altered, though the seconds field will have been set to "58".
The encrypted text string from the original virus also occurs
in this variant.
Origin: Unknown January, 1996.
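Added example (not part of the original entry): a triage check for the seconds = "58" marker described above for Dig Death and Dig Death.1153, run over raw FAT directory entries taken from a disk image. The function names and the sample directory are constructed for illustration; the entry layout is the standard 32-byte 8.3 format.

```python
import struct

MARKER_SECONDS = 58            # seconds value the entry reports for infected files
TARGET_EXTS = {"COM", "EXE"}   # file types the entry lists as infected
ATTR_SKIP = 0x08 | 0x10        # volume label / long-name slot, or subdirectory

def decode_dos_time(word):
    """Split a 16-bit FAT time word into (hour, minute, second)."""
    return word >> 11, (word >> 5) & 0x3F, (word & 0x1F) * 2

def scan_directory(buf):
    """Return (name, size, time) for .COM/.EXE entries stamped :58."""
    hits = []
    for off in range(0, len(buf) - 31, 32):
        entry = buf[off:off + 32]
        if entry[0] == 0x00:              # end-of-directory marker
            break
        if entry[0] == 0xE5 or entry[11] & ATTR_SKIP:
            continue                      # deleted entry, label or directory
        name = entry[0:8].decode("ascii", "replace").rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        time_word, _date, _cluster, size = struct.unpack_from("<HHHI", entry, 22)
        hour, minute, second = decode_dos_time(time_word)
        if ext in TARGET_EXTS and second == MARKER_SECONDS:
            hits.append((f"{name}.{ext}", size, f"{hour:02}:{minute:02}:{second:02}"))
    return hits

def make_entry(name, ext, hms, size, attr=0x20):
    """Build one constructed 32-byte 8.3 directory entry (demo data only)."""
    hour, minute, second = hms
    time_word = (hour << 11) | (minute << 5) | (second // 2)
    date_word = ((1996 - 1980) << 9) | (1 << 5) | 15      # 1996-01-15
    return struct.pack("<8s3sB10xHHHI", name.ljust(8).encode(),
                       ext.ljust(3).encode(), attr, time_word, date_word, 2, size)

# Constructed sample directory: one flagged file, four entries that must be ignored.
SAMPLE_DIR = b"".join([
    make_entry("COMMAND", "COM", (5, 0, 58), 48907),
    make_entry("EDIT", "EXE", (5, 0, 0), 69886),
    make_entry("README", "TXT", (10, 10, 58), 512),
    make_entry("GAMES", "", (9, 30, 58), 0, attr=0x10),
    b"\xe5" + make_entry("OLD", "EXE", (1, 2, 58), 100)[1:],
    bytes(32),
])

if __name__ == "__main__":
    for name, size, stamp in scan_directory(SAMPLE_DIR):
        print(f"{name:<12} {size:>8} bytes  {stamp}  <- seconds field is 58")
```

A :58 stamp is only a triage signal, since it is one of the 30 values the two-second FAT time field can legitimately hold; confirm any hit with one of the scanners listed under Detection Method.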