Doubleheart Virus
Virus Name: Doubleheart
Aliases: Doubleheart.452
V Status: New
Discovered: July, 1994
Symptoms: .EXE file growth; file date/time changes; unexpected access to disk drives
Origin: Unknown
Eff Length: 452 - 466 Bytes
Type Code: PNE - Parasitic Non-Resident .EXE Infector
Detection Method: F-Prot, AVTK, IBMAV, ViruScan, Sweep, NAV, NAVDX, VAlert, PCScan, AVTK/N, IBMAV/N, NShld, Sweep/N, NProt, NAV/N
Removal Instructions: Delete infected files
General Comments:
The Doubleheart virus was received in July, 1994. Its origin or point
of isolation is unknown. Doubleheart is a non-resident, direct action
infector of .EXE programs.
When a Doubleheart infected program is executed, the Doubleheart virus
will infect up to three .EXE files in the current directory of the
current drive, as well as one .EXE located in the C: drive root
directory, and attempt to infect one file located on the B: drive. Files
infected with the Doubleheart virus will have a file length increase
of 452 to 466 bytes with the virus being located at the end of the
file. The program's date and time in the DOS disk directory listing
will have been updated to the current system date and time when
infection occurred. One text string is visible within the viral code
in all Doubleheart infected programs:
"*.exe"
It is unknown what Doubleheart may do besides replicate.
Known variant(s) of Doubleheart are:
Doubleheart.452.B: Also received in July, 1994, Doubleheart.452.B
is a minor variant of the Doubleheart virus described
above. Characters from memory and system hangs may occur
when infected programs are executed.
Origin: Unknown July, 1994.
Doubleheart.649: Received in July, 1994, Doubleheart.649 is a
.COM file infecting variant of the Doubleheart virus
described above. It infects up to three .COM files in the
current directory, as well as attempting to infect one file
on the B: and C: drives, when an infected program is
executed. Programs infected with Doubleheart.649 will have
a file length increase of 649 to 660 bytes with the virus
being located at the end of the file. The program's date
and time in the DOS disk directory listing will have been
updated to the current system date and time when infection
occurred. The following text strings are encrypted within
the viral code:
"*.com"
".COM M M IBMBIO.COMIBMDOS.COM"
"From Russia with love!"
Origin: Unknown July, 1994.
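
The symptoms listed in this entry (growth within a fixed byte range, virus code appended at the end of the file, changed date/time) can be checked against a baseline taken while the files were known to be clean. The Python code below is an added example, not part of the original entry; the function names and the baseline format are assumptions, and a match is an indicator for follow-up rather than an identification.

```python
import os

# Growth ranges in bytes, taken from the entry above.
GROWTH = {".exe": (452, 466), ".com": (649, 660)}
# Text string the entry reports as visible in Doubleheart infected .EXE programs.
VISIBLE_STRING = b"*.exe"

def snapshot(directory):
    """Record (size, mtime) for every .EXE/.COM file in a directory."""
    snap = {}
    for entry in os.scandir(directory):
        ext = os.path.splitext(entry.name)[1].lower()
        if entry.is_file() and ext in GROWTH:
            st = entry.stat()
            snap[entry.name] = (st.st_size, int(st.st_mtime))
    return snap

def check_growth(directory, baseline):
    """Compare a directory against a clean baseline snapshot.

    Returns (name, growth, timestamp_changed, string_seen) for each file
    whose growth falls in the documented range for its extension.
    """
    findings = []
    for name, (size, mtime) in sorted(snapshot(directory).items()):
        if name not in baseline:
            continue  # no clean reference to compare against
        old_size, old_mtime = baseline[name]
        growth = size - old_size
        low, high = GROWTH[os.path.splitext(name)[1].lower()]
        if not low <= growth <= high:
            continue
        # The entry places the virus at the end of the file, so only the
        # appended bytes are searched for the visible string.
        with open(os.path.join(directory, name), "rb") as fh:
            fh.seek(old_size)
            tail = fh.read()
        findings.append((name, growth, mtime != old_mtime, VISIBLE_STRING in tail))
    return findings

if __name__ == "__main__":
    import tempfile
    # Constructed sample: a 1000-byte file that grows by 460 filler bytes.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "SAMPLE.EXE")
        with open(path, "wb") as fh:
            fh.write(b"\0" * 1000)
        base = snapshot(d)
        with open(path, "ab") as fh:
            fh.write(b"\0" * 455 + b"*.exe")
        print(check_growth(d, base))
```

The string check is expected to be False for Doubleheart.649, whose strings the entry describes as encrypted, so for .COM files the growth range and timestamp are the usable indicators.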