EVCZ Virus


 Virus Name:  EVCZ 
 Aliases: 
 V Status:    New 
 Discovered:  February, 1995 
 Symptoms:    .COM & .EXE file corruption; file date/time changes 
 Origin:      Unknown 
 Eff Length:  161 Bytes (Overwriting) 
 Type Code:   ORsAK - Overwriting Resident .COM & .EXE Infector 
 Detection Method:  F-Prot, AVTK, Sweep, ViruScan, NAVDX, VAlert, NAV, 
                    IBMAV, PCScan, ChAV, 
                    NProt, AVTK/N, Sweep/N, NShld, NAV/N, IBMAV/N, LProt 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The EVCZ virus was received in February, 1995.  Its origin or point 
       of isolation is unknown.  EVCZ is a memory resident overwriting 
       virus which infects .COM and .EXE files, including COMMAND.COM.  It 
       permanently corrupts the programs it infects. 
 
       When the first EVCZ infected program is executed, this virus will 
       install itself memory resident as a low system memory TSR.  Interrupt 
       21 will be hooked by the virus in memory. 
 
       Once the EVCZ virus is memory resident, it will infect .COM and .EXE 
       files, including COMMAND.COM, when they are executed.  Infected 
       programs will have the first 161 bytes overwritten by the viral 
       code.  The program's date and time in the DOS disk directory listing 
       will be updated to the system date and time at which infection 
       occurred.  The following text strings are visible within 
       the viral code in all infected programs: 
 
               "EVCZ" 
               "MaKe ViRii oUT T aSS" 
 
       Programs infected with the EVCZ virus will not function properly, 
       usually returning the user to the system prompt when executed.  Once 
       COMMAND.COM becomes infected, boot failures may occur. 
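
The entry's indicators (a 161-byte overwritten head carrying both text strings) can be turned into a file triage check. This is an added example, not part of the original entry or of any listed product; the function names, verdict labels and sample files are hypothetical, and the sample bytes are constructed padding plus the two strings, not viral code.

```python
import os
import tempfile

EFF_LENGTH = 161  # bytes overwritten at the start of each infected file (from the entry)
MARKERS = (b"EVCZ", b"MaKe ViRii oUT T aSS")  # text strings listed in the entry
TARGET_EXT = (".com", ".exe")

def classify_head(data: bytes) -> str:
    """Classify a file by the marker strings found in its first 161 bytes."""
    if len(data) < EFF_LENGTH:
        return "clean"  # assumption: a 161-byte overwrite leaves at least 161 bytes
    head = data[:EFF_LENGTH]
    hits = sum(marker in head for marker in MARKERS)
    if hits == len(MARKERS):
        return "suspect"
    return "review" if hits else "clean"  # one marker alone may be coincidence

def scan_tree(root: str) -> dict:
    """Walk root and classify every .COM/.EXE file (extension match is case-insensitive)."""
    results = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(TARGET_EXT):
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:
                    head = fh.read(EFF_LENGTH)  # only the overwritten region is needed
                results[os.path.relpath(path, root)] = classify_head(head)
    return results

def build_samples(root: str) -> None:
    """Write constructed sample files for the demonstration."""
    fake_head = (b"\x00" * 8 + MARKERS[0] + b"\x00" * 20 + MARKERS[1]).ljust(EFF_LENGTH, b"\x00")
    samples = {
        "COMMAND.COM": fake_head + b"rest of original program",
        "EDIT.EXE": b"MZ" + b"\x00" * 400,
        "NOTES.EXE": b"MZ" + b"\x00" * 30 + b"EVCZ" + b"\x00" * 300,  # one marker only
        "TINY.COM": b"EVCZ MaKe ViRii oUT T aSS",  # shorter than 161 bytes
        "README.TXT": fake_head,  # not a target extension, so never scanned
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        for path, verdict in sorted(scan_tree(tmp).items()):
            print(f"{verdict:8} {path}")
```

Because the virus is overwriting, a "suspect" file cannot be repaired; per the removal instructions above it is deleted and restored from a known-good copy.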
