Equus Virus
Virus Name: Equus
Aliases: Equus.480
V Status: New
Discovered: January, 1996
Symptoms: .COM file growth; file date/time changes;
decrease in available free memory
Origin: Unknown
Eff Length: 480 Bytes
Type Code: PRhCK - Parasitic Resident .COM Infector
Detection Method: IBMAV, ViruScan, NAV, F-Prot, NAVDX, AVTK, ChAV,
IBMAV/N, NShld, NAV/N, AVTK/N, Innoc
Removal Instructions: Delete infected files
General Comments:
The Equus or Equus.480 virus was received in January, 1996. Its
origin or point of isolation is unknown. Equus is a memory resident
infector of .COM files, including COMMAND.COM.
When the first Equus-infected program is executed, the virus will
install itself memory resident at the top of system memory but below
the 640K DOS boundary, without changing the value returned by
interrupt 12. Available free memory, as indicated by the DOS CHKDSK
program from DOS 5.0, will have decreased by 1,152 bytes. Interrupt 21
will be hooked by the virus in memory.
Once the Equus virus is memory resident, it will infect .COM files
when they are executed. Infected files will have a file length
increase of 480 bytes with the virus being located at the end of the
file. The program's date and time in the DOS disk directory listing
will have been updated to the current system date and time when
infection occurred. The following text string is visible within
the viral code in all infected files:
"Equus trojanus v1.1 (C) AREOPAG No.15"
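The two file indicators above (480 bytes appended to the end of a .COM file, and the visible text string) can be combined into a simple check. The Python code below is an added example, not part of the original entry and not taken from any of the listed scanners; the function names and the sample files are constructed for illustration, and the samples contain only filler bytes and the text string.

```python
import os
import tempfile

# Values taken from the entry above.
VIRUS_LENGTH = 480
SIGNATURE = b"Equus trojanus v1.1 (C) AREOPAG No.15"

def check_com_image(data):
    """Return a finding dict if the string lies in the final 480 bytes, else None."""
    if len(data) <= VIRUS_LENGTH:
        return None  # too short to hold a host program plus the appended body
    tail_start = len(data) - VIRUS_LENGTH
    pos = data.find(SIGNATURE, tail_start)  # search the appended region only
    if pos == -1:
        return None
    # original_length is the file size before the 480-byte growth
    return {"size": len(data), "signature_offset": pos, "original_length": tail_start}

def scan_tree(root):
    """Walk root and check every .COM file (extension match is case-insensitive)."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".com"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    result = check_com_image(fh.read())
                if result:
                    findings[path] = result
    return findings

def build_samples(root):
    """Constructed sample files: inert filler bytes, no executable or viral code."""
    host = b"A" * 1000
    tail = (b"\x00" * 100 + SIGNATURE).ljust(VIRUS_LENGTH, b"\x00")
    samples = {
        "CLEAN.COM": host,
        "MARKED.COM": host + tail,       # string inside the last 480 bytes
        "README.COM": SIGNATURE + host,  # string present, but not in the tail
        "NOTES.TXT": host + tail,        # not a .COM file, so skipped
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        for path, info in sorted(scan_tree(tmp).items()):
            print(os.path.basename(path), info)
```

A match is an indicator for follow-up with one of the scanners listed under Detection Method, not proof of infection; the entry's removal instruction remains to delete infected files.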