Doom II Virus
Virus Name: Doom II
Aliases:
V Status: Rare
Discovered: May, 1991
Symptoms: .COM & .EXE growth; system hangs on screen writes
Origin: Taiwan
Eff Length: 1,252 Bytes
Type Code: PRbAK - Parasitic Non-Resident .COM & .EXE Infector
Detection Method: ViruScan, AVTK, F-Prot, Sweep, NAV, IBMAV, NAVDX, VAlert,
PCScan, ChAV, NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N
Removal Instructions: Delete infected files
General Comments:
The Doom II virus was received in September, 1991 from the NCSA.
Doom II is a memory resident virus which infects .COM and .EXE
programs, including COMMAND.COM.
The first time a program infected with Doom II is executed, Doom
II installs itself resident in memory located on the system's
video card, along with a hook to this memory in low system
memory. Interrupts 1C, 21, 24, and 98 will be hooked by the virus.
Infected systems will not have any change in total system or
available free memory.
Once memory resident, Doom II will infect .COM and .EXE programs,
including COMMAND.COM, when they are executed. Infected .COM and
.EXE files increase in size by 1,252 bytes with the virus being
located at the end of the infected file. The virus does not hide
the file length increase, nor is the file date and time in the disk
directory altered. Occasionally, an .EXE program infected by Doom
II will increase slightly more in size, such as by 1,253 or 1,254
bytes. This appears to be due to a bug in the virus.
Systems infected with Doom II may experience system hangs when
programs attempt to write to the system display. These hangs occur
due to the virus being resident in the video card memory, thus
making it unavailable. When these hangs occur, typically the
monitor display will be blanked and the system keyboard will be
locked out. These system hangs are also prevalent with the Doom II-B
virus, but occur more frequently with Doom II, including whenever
the system switches from a graphic to a text display.
It is unknown if Doom II does anything besides replicate.
Known variant(s) of Doom II are:
Doom II-B: A re-engineered variant of the Doom II virus from
Taiwan, Doom II-B is a memory resident infector of .COM
and .EXE programs. Doom II-B infects .COM and .EXE
programs, including COMMAND.COM, when they are executed.
Infected programs will have a file length increase of
1,252 bytes with the virus being located at the end of
the file.
Origin: United States, May, 1991.
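
The file-growth symptom described for Doom II and Doom II-B (1,252 bytes appended to .COM and .EXE files, with the directory date and time left unchanged) can be checked against a saved directory baseline. The following is an added example, not part of the original entry; the listing format, file names and sizes are constructed, and limiting the larger .EXE increases to 1,253 and 1,254 bytes is an assumption based on the values the entry cites.

```python
from dataclasses import dataclass

COM_GROWTH = {1252}              # growth stated in the entry
EXE_GROWTH = {1252, 1253, 1254}  # assumption: only the larger values the entry cites

@dataclass(frozen=True)
class DirEntry:
    size: int
    stamp: str  # directory date and time, kept as text

def parse_listing(text):
    """Parse constructed 'NAME SIZE DATE TIME' lines into {NAME: DirEntry}."""
    entries = {}
    for line in text.strip().splitlines():
        name, size, date, time = line.split()
        entries[name.upper()] = DirEntry(int(size), f"{date} {time}")
    return entries

def suspect_files(baseline, current):
    """Return (name, growth) for files matching the growth pattern in the entry."""
    hits = []
    for name, now in sorted(current.items()):
        before = baseline.get(name)
        allowed = (COM_GROWTH if name.endswith(".COM")
                   else EXE_GROWTH if name.endswith(".EXE") else None)
        if before is None or allowed is None:
            continue  # new file, or not a .COM/.EXE program
        growth = now.size - before.size
        # A normal update usually rewrites the directory timestamp;
        # per the entry, an infected file keeps its original date and time.
        if growth in allowed and now.stamp == before.stamp:
            hits.append((name, growth))
    return hits

# Constructed sample listings (not taken from a real system).
BASELINE = """
COMMAND.COM 47845 04-09-91 05:00
CHKDSK.EXE  16200 04-09-91 05:00
FORMAT.COM  32911 04-09-91 05:00
REPORT.EXE  20480 03-01-91 12:00
NOTES.TXT    1000 03-01-91 12:00
"""
CURRENT = """
COMMAND.COM 49097 04-09-91 05:00
CHKDSK.EXE  17454 04-09-91 05:00
FORMAT.COM  34163 06-02-91 09:30
REPORT.EXE  22000 03-01-91 12:00
NOTES.TXT    2252 03-01-91 12:00
"""
```

Calling `suspect_files(parse_listing(BASELINE), parse_listing(CURRENT))` flags only COMMAND.COM and CHKDSK.EXE; FORMAT.COM grew by 1,252 bytes but carries a new timestamp, so it is left for ordinary change review.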