Elaine Virus


 Virus Name:  Elaine 
 Aliases:     Elaine.1127 
 V Status:    New 
 Discovered:  January, 1996 
 Symptoms:    .COM & .EXE growth; decrease in available free memory; 
              file date/time seconds = 62 
 Origin:      Unknown 
 Eff Length:  1,127 - 1,141 Bytes 
 Type Code:   PRhA - Parasitic Resident .COM & .EXE Infector 
 Detection Method: NAV, NAVDX, ViruScan, IBMAV, AVTK, PCScan, F-Prot, 
                   ChAV, 
                   AVTK/N, NAV/N, NShld, IBMAV/N, LProt, Innoc 4.0+ 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Elaine virus was received in January, 1996.  Its origin or 
       point of isolation is unknown.  Elaine is a memory resident 
       infector of .COM and .EXE files, but not COMMAND.COM. 
 
       When the first Elaine infected program is executed, this virus will 
       install itself memory resident at the top of system memory but below 
       the 640K DOS boundary, not moving interrupt 12's return.  Available 
       free memory, as indicated by the DOS CHKDSK program from DOS 5.0, 
       will have decreased by 1,456 bytes.  Interrupts 13 and 21 will be 
       hooked by the virus in memory. 
 
       Once the Elaine virus is memory resident, it will infect .COM and 
       .EXE files, but not COMMAND.COM, when they are executed.  Infected 
       .COM files will have a file length increase of 1,127 bytes while 
       .EXE files will increase in size by 1,127 to 1,141 bytes.  In both 
       cases, the virus will be located at the end of the file.  The 
       program's date and time in the DOS disk directory listing will not 
       appear to be altered, though the seconds field will have been set to 
       "62".  The following text strings are visible within the viral code 
       in all infected files: 
 
           "Elaine 1.0  28 May 1994" 
           "E1.0=N" 
 
       It is unknown what the Elaine virus may do besides replicate.

Show viruses from discovered during that infect .

Main Page