Explorer Virus


 Virus Name:  Explorer 
 Aliases:     Explorer.3037 
 V Status:    New 
 Discovered:  January, 1996 
 Symptoms:    .EXE & .SYS growth; decrease in available free memory 
 Origin:      Unknown 
 Eff Length:  3,037 Bytes 
 Type Code:   PRhES - Parasitic Resident .EXE & .SYS Infector 
 Detection Method:  AVTK, IBMAV, ViruScan, NAV, NAVDX, 
                    AVTK/N, IBMAV/N, NShld, NAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Explorer virus was received in January, 1996.  Its origin or 
       point of isolation is unknown.  Explorer is a memory resident 
       infector of .EXE and .SYS files. 
 
       When the first Explorer infected program is executed, this virus 
       will install itself memory resident at the top of system memory 
       but below the 640K DOS boundary, not moving interrupt 12's return. 
       Available free memory, as indicated by the DOS CHKDSK program from 
       DOS 5.0, will have decreased by 3,200 bytes.  Interrupt 21 will be 
       hooked by the virus in memory.  Also at this time, the virus may 
       infect the first .SYS file found in the current directory. 
 
       Once the Explorer virus is memory resident, it will infect .EXE 
       files when they are executed.  Infected files will have a file length 
       increase of 3,037 bytes with the virus being located at the end of 
       the file.  The program's date and time in the DOS disk directory 
       listing will not be altered.  The following text strings are 
       encrypted within the viral code: 
 
           "The 21st Space Explorer

Show viruses from discovered during that infect .

Main Page