Enemy Virus


 Virus Name:  Enemy 
 Aliases:    
 V Status:    Rare 
 Discovered:  March, 1992 
 Symptoms:    .COM & .EXE growth; decrease in total system and available 
              free memory 
 Origin:      Unknown 
 Eff Length:  712 - 1,396 Bytes 
 Type Code:   PRhAK - Parasitic Resident .COM & .EXE Infector 
 Detection Method:  ViruScan, F-Prot, AVTK, Sweep, IBMAV, 
                    NAV, NAVDX, VAlert, PCScan, ChAV, 
                    NShld, Sweep/N, LProt, Innoc, NProt, AVTK/N, IBMAV/N, 
                    NAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Enemy virus was received in March, 1992.  Its origin is 
       unknown.  Enemy is a memory resident infector of .COM and .EXE 
       programs, including COMMAND.COM. 
 
       The first time an Enemy infected program is executed, the Enemy 
       virus will install itself memory resident at the top of system 
       memory but below the 640K DOS boundary.  Total system and 
       available free memory, as indicated by the DOS CHKDSK program, 
       will have decreased by 2,048 bytes.  Interrupt 21 will be hooked 
       by Enemy in memory.  Also at this time, the Enemy virus will 
       infect COMMAND.COM located on the current drive and C: drive if it 
       was not previously infected. 
 
       After the Enemy virus has become memory resident, it will infect 
       .COM and .EXE programs when they are executed or opened.  Programs 
       infected with the Enemy virus will have a file length increase of 
       712 - 1,396 bytes with the virus being located at the end of the 
       file.  The file's date and time in the DOS disk directory listing 
       will not have been altered. 
 
       The Enemy virus is an encrypted virus, but the following text 
       string can be found unencrypted near the end of the viral code 
       in some infected programs: 
 
               "ENEMY" 
 
       It is unknown if Enemy does anything besides replicate. 
 
       Known variant(s) of Enemy are: 
       Stranger: Functionally similar to the Enemy virus described 
                 above, the Stranger virus adds 746 - 1,435 bytes to the 
                 .COM and .EXE programs it infects.  The following text 
                 strings are encrypted within the Stranger viral code 
                 in infected programs: 
                 "I am a stranger in a strange land..." 
                 "C:\COMMAND.COM" 
                 The following text string can be found unencrypted near 
                 the end of the viral code in infected programs: 
                 "ranger" 
                 Origin:  Unknown  July, 1992. 
 
       See:  Scream

Show viruses from discovered during that infect .

Main Page