Dima Virus

Virus Name: Dima Aliases: V Status: Rare Discovered: October, 1992 Symptoms: .COM & .EXE growth; file date/time changes; programs requiring command line input may not function properly; displays "9pm" Origin: USSR Eff Length: 1,024 Bytes Type Code: PNAK - Parasitic Non-Resident .COM & .EXE Infector Detection Method: AVTK, ViruScan, Sweep, IBMAV, F-Prot, NAV, NAVDX, VAlert, PCScan, ChAV, NShld, Sweep/N, Innoc, NProt, AVTK/N, LProt, IBMAV/N, NAV/N Removal Instructions: Delete infected files General Comments: The Dima virus was received in October, 1992. It is from the USSR. Dima is a non-resident, direct action infector of .COM and .EXE programs, including COMMAND.COM. When a program infected with the Dima virus is executed, this virus will infect all of the .COM and .EXE programs located in the current directory. If COMMAND.COM is located in this directory, it will become infected. Programs infected with the Dima virus will have a file length increase of 1,024 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will have been updated to the current system date and time when infection occurred. The following text strings can be found in all Dima infected programs: "*.COM" "*.exe" "OMtE" "The -9pm-." "Call the Dima & Dima corporation if it will be difficult." The Dima virus activates at 21:00 or 9PM, at which time execution of an infected program will result in the display of the following message and a system hang occurring: "9pm" Systems infected with the Dima virus may also experience problems executing programs which require command line input, resulting in the program not functioning properly.