Dostepu Virus

Virus Name: Dostepu Aliases: V Status: Rare Discovered: April, 1994 Symptoms: .COM file growth; file date/time changes; TSR; unexpected access to disk drives Origin: Unknown Eff Length: 1,942 - 1,967 Bytes Type Code: PRsCK - Parasitic Resident .COM Infector Detection Method: F-Prot, Sweep, IBMAV, AVTK, ViruScan, NAV, NAVDX, VAlert, PCScan, ChAV, NProt, AVTK/N, Sweep/N, IBMAV/N, NShld, Innoc, NAV/N Removal Instructions: Delete infected files General Comments: The Dostepu virus was received in April, 1994. Its origin or point of isolation is unknown. Dostepu is a memory resident, direct action infector of .COM programs, including COMMAND.COM. Its memory resident TSR is not used directly to infect programs. When the first Dostepu infected program is executed, this virus will install itself memory resident as a low system memory TSR of 7,392 bytes, hooking interrupt 1C. Also at this time, the virus will attempt to infect .COM programs located in the root directory of the two drives immediately above the current drive in drive letter. For example, if the current drive is the A: drive, the virus will attempt to infect programs on the B: and C: drives' root directories. Programs infected with the Dostepu virus will have a file length increase of 1,942 to 1,967 bytes with the virus being located at the end of the file. The program's date in the DOS disk directory listing will have been updated to "13-31-99" while the file time will be set to the system time when infection occurred. The following text strings are visible within the viral code in all infected files: "Nie znaleziono pliku lub zla sciezka dostepu!" "raz23" "ARAZ23" "????????COM" "COMAND.COM"