DM Virus
Virus Name: DM
Aliases: DM-400
V Status: Rare
Discovered: November, 1991
Symptoms: .COM file growth; system hangs; write to system display of
viral code
Origin: USSR
Eff Length: 400 Bytes
Type Code: PRfCK - Parasitic Resident .COM Infector
Detection Method: ViruScan, Sweep, AVTK, F-Prot, ChAV,
NAV, IBMAV, NAVDX, VAlert, PCScan,
NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, IBMAV/N,
NAV/N
Removal Instructions: Delete infected files
General Comments:
The DM, or DM-400, virus was received from Europe in November, 1991.
It is originally from the USSR. DM is a memory resident infector of
.COM files, including COMMAND.COM.
When the first program infected with DM is executed, the DM virus
will install itself memory resident in low available free memory,
directly remapping interrupts 21 and 24. It will also place a
portion of itself in system video memory, such as on a video card,
if it is available. Total system and available free memory, as
indicated by the DOS CHKDSK program, will not be altered.
Once the DM virus is memory resident, it will infect .COM programs,
including COMMAND.COM, when they are executed. Infected programs
will have a file size increase of 400 bytes with the virus being
located at the end of the infected file. There will be no visible
change to the file's date and time in the DOS disk directory
listing. The following text string can be found within all
infected programs:
"(C)1990 DM"
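A defender-side check built on the two indicators above (the 400-byte body appended at the end of the file and the "(C)1990 DM" string), given as an added example that is not part of the original entry. The function names and the sample byte strings are constructed for illustration and contain no virus code. Because the entry lists variants that lack this string, a "no-marker" result does not show a file is uninfected.

```python
import os

MARKER = b"(C)1990 DM"  # string the entry says is present in all infected programs
VIRUS_LEN = 400         # growth per infected file; virus body sits at end of file


def classify_com(data: bytes) -> str:
    """Return 'marker-in-tail', 'marker-elsewhere' or 'no-marker' for a file image."""
    idx = data.rfind(MARKER)
    if idx == -1:
        return "no-marker"
    # An infected host is its original bytes plus a 400-byte appended body,
    # so the marker must start inside the final VIRUS_LEN bytes of a file
    # that is longer than the virus itself.
    if len(data) > VIRUS_LEN and idx >= len(data) - VIRUS_LEN:
        return "marker-in-tail"
    # Marker present but not where an appended body would put it
    # (for example a text file or scanner that quotes the string).
    return "marker-elsewhere"


def scan_tree(root: str):
    """Walk root and return sorted [(path, verdict)] for .COM files with the marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".com"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    verdict = classify_com(fh.read())
            except OSError:
                continue  # unreadable file: skipped, not reported as clean
            if verdict != "no-marker":
                hits.append((path, verdict))
    return sorted(hits)


def constructed_samples():
    """Constructed byte strings: filler bytes plus the marker text only."""
    host = b"\x90" * 1000
    tail = b"\x00" * 200 + MARKER + b"\x00" * (VIRUS_LEN - 200 - len(MARKER))
    return {"appended": host + tail, "clean": host, "doc": MARKER + host}


if __name__ == "__main__":
    for label, image in constructed_samples().items():
        print(label, classify_com(image))
```
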
A symptom of a DM infection is that attempts to execute programs
from write protected diskettes will result in a system hang with the
diskette drive being left spinning. The virus will also
occasionally write a copy of itself to the system display.
It is unknown what DM does besides replicate.
Known variant(s) of DM are:
DM-B: Also referred to as DM 1.01, DM-B is a 400 byte variant
of the original DM virus. It does not contain the "(C)1990 DM"
text string which is contained in the original virus.
Origin: USSR January, 1992.
DM 1.01B: Based on the DM-B variant, DM 1.01B is also 400 bytes
in length, and has been modified to avoid being detected by
most anti-viral utilities familiar with this group of viruses.
It contains the encrypted text string: "(C)1991 1.01 DM."
Origin: USSR September, 1992.
DM 1.04: DM 1.04 is a 400 byte variant of the original DM virus.
It infects .COM programs, including COMMAND.COM, when they are
executed. It does not contain the text string: "GIiokMO".
Origin: USSR July, 1992.
DM-330: Also referred to as DM 1.05, DM-330 is a 330 byte variant
of the DM-B virus. It will infect .COM programs when they are
executed or opened. It does not contain any identifying text
strings.
Origin: USSR June, 1992.