Ebbelwoi Virus


 Virus Name:  Ebbelwoi 
 Aliases:    
 V Status:    Rare 
 Discovered:  February, 1994 
 Symptoms:    .COM file growth; file date/time seconds set to 06; 
              unexpected access to C: drive 
 Origin:      Germany 
 Eff Length:  402 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  ViruScan, AVTK, Sweep, IBMAV, F-Prot, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    IBMAV/N, NShld, AVTK/N, Sweep/N, NProt, NAV/N, Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Ebbelwoi virus was received in February, 1994, and appears to be 
       from Germany.  Ebbelwoi is a non-resident, direct action infector of 
       .COM programs, including COMMAND.COM.  It only infects programs 
       located on the C: drive. 
 
       When a program infected with the Ebbelwoi virus is executed, this 
       virus will infect one .COM program located in the C: drive current 
       directory.  Infected programs will have a file length increase of 402 
       bytes with the virus being located at the end of the file.  The 
       program's date and time in the DOS disk directory listing will appear 
       to be unaltered, however the seconds field will have been set to "06". 
       The following text string is encrypted within the Ebbelwoi viral 
       code: 
 
               "DK*.COM << Ebbelwoi >> by (›)SiRiUS 10-93 D-63225"

Show viruses from discovered during that infect .

Main Page