Doomsday Virus

Virus Name: Doomsday Aliases: Doomsday.733 V Status: New Discovered: January, 1995 Symptoms: .COM file growth; system hangs; hard disk corruption; file date/time seconds = "28" Origin: Unknown Eff Length: 733 Bytes Type Code: PNCK - Parasitic Non-Resident .COM Infector Detection Method: F-Prot, ViruScan, AVTK, IBMAV, Sweep, ChAV, NAV, NAVDX, VAlert, PCScan, NShld, Innoc, NProt, IBMAV/N, AVTK/N, Sweep/N, NAV/N, LProt Removal Instructions: Delete infected files General Comments: The Doomsday virus was received in January, 1995. Its origin or point of isolation is unknown. Doomsday is a non-resident, direct action infector of .COM files, including COMMAND.COM. It does not infect very small .COM files. When a program infected with the Doomsday virus is executed, this virus will infect one .COM file in the current directory. It will then proceed to access the system hard disk and emit a scraping sound. Under some circumstances, it may corrupt the system hard disk, though the sample submitted does not. Infected .COM files will have a file length increase of 733 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will not appear to be altered, though the seconds field will have been set to "28". The following text strings are encrypted within the viral code: "v040" "\*.com \" "A scion to none" "Certainly no fun" "Total destruction when done" "Introducing DOOMSDAY ONE" "Written in Orlando, FL on 5/13/91" "Your disk is dead!" "Long live DOOMSDAY 1.0" If the Doomsday virus attempts to infect a .COM file smaller than itself, a system hang will occur and the file will not become infected. See: Null Set