1403 Virus


 Virus Name:  1403 
 Aliases:    
 V Status:    Rare 
 Discovery:   October, 1993 
 Symptoms:    .COM & .EXE growth; 
              Decrease in total system & available free memory 
 Origin:      Unknown 
 Eff Length:  1,403 - 1,417 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, IBMAV, F-Prot, AVTK, Sweep, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    LProt, NShld, Sweep/N, NProt, AVTK/N, IBMAV/N, NAV/N, 
                    Innoc 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The 1403 virus was submitted in October, 1993.  Its origin or point 
       of isolation is unknown.  1403 is a memory resident infector of 
       .COM and .EXE programs, including COMMAND.COM. 
 
       When the first 1403 infected program is executed, the 1403 virus 
       will install itself memory resident at the top of system memory but 
       below the 640K DOS boundary, not moving interrupt 12's return.  Total 
       system and available free memory, as indicated by the DOS CHKDSK 
       program, will have decreased by 3,296 bytes.  Interrupts 08, 12, 13, 
       and 21 will be hooked by the virus in memory. 
 
       Once the 1403 virus is memory resident, it will infect .COM and .EXE 
       programs when they are executed.  Infected .COM programs will have a 
       file length increase of 1,403 bytes.  .EXE programs will increase in 
       size by 1,403 to 1,417 bytes.  In both cases, the virus will be 
       located at the end of the file.  The program's date and time in the 
       DOS disk directory listing will not be altered.  No text strings are 
       visible within the viral code. 
 
       It is unknown what 1403 does besides replicate.

Show viruses from discovered during that infect .

Main Page