Dirty Virus


 Virus Name:  Dirty 
 Aliases:     Lavi 
 V Status:    Rare 
 Discovered:  September, 1993 
 Symptoms:    .COM file growth; file date/time changes; 
              decrease in total system & available free memory 
 Origin:      Italy 
 Eff Length:  483 Bytes 
 Type Code:   PRhCK - Parasitic Resident .COM Infector 
 Detection Method:  F-Prot, IBMAV, ViruScan, Sweep, AVTK, 
                    NAV, NAVDX, VAlert, ChAV, 
                    NShld, NProt, Sweep/N, AVTK/N, IBMAV/N, Innoc, NAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Dirty, or Lavi, virus was submitted in September, 1993.  It 
       appears to be from Italy.  Dirty is a memory resident infector of 
       .COM programs, including COMMAND.COM. 
 
       When the first Dirty infected program is executed, this virus will 
       install itself memory resident at the top of system memory but below 
       the 640K DOS boundary, not moving interrupt 12's return.  Total 
       system and available free memory, as indicated by the DOS CHKDSK 
       program, will have decreased by 544 bytes.  Interrupt 21 will be 
       hooked by Dirty in memory. 
 
       Once the Dirty virus is memory resident, it will infect .COM 
       programs, including COMMAND.COM, when they are executed.  Infected 
       programs will have a file length increase of 483 bytes with the virus 
       being located at the end of the file.  The file's date and time in 
       the DOS disk directory listing will have been changed to a random 
       value, and the seconds field will have been set to "62".  The 
       following text string can be found within the viral code in all 
       Dirty infected programs: 
 
               "HI ! I'm The Dirty Fucker !!"

Show viruses from discovered during that infect .

Main Page