Faces Virus


 Virus Name:  Faces 
 Aliases:     Faces.565 
 V Status:    New 
 Discovered:  January, 1996 
 Symptoms:    .COM file growth 
 Origin:      Unknown 
 Eff Length:  565 Bytes 
 Type Code:   PNCK - Parasitic Non-Resident .COM Infector 
 Detection Method:  F-Prot, AVTK, IBMAV, ViruScan, PCScan, 
                    NAV, NAVDX, ChAV, 
                    Innoc, NProt, AVTK/N, IBMAV/N, LProt, NShld, NAV/N 
 Removal Instructions:  Delete infected files 
 
 General Comments: 
       The Faces virus was recieved in January, 1996.  Its origin or 
       point of isolation is unknown.  Faces is a non-resident, direct 
       action infector of .COM programs, including COMMAND.COM. 
 
       When a program infected with the Faces virus is executed, the 
       Faerie virus will infect all of the .COM program located in the 
       current directory, providing that the current drive is not the A: 
       drive.  If COMMAND.COM is located in this directory, it will 
       become infected.  It will also infect the copy of EDIT.COM located 
       in the \DOS directory of the current drive at this time. 
 
       Programs infected with the Faces virus will have a file length 
       increase of 565 bytes with the virus being located at the end of 
       the file.  The program's date and time in the DOS disk directory 
       listing will not be altered.  The following text strings are 
       encrypted within the viral code: 
 
               "Faces of Death - (c) 1994 The Unforgiven/Immortal Riot" 
               "\DOS\EDIT.COM" 
               "c:\dos\keyb.com" 
               "* Materialism - the religion of today, ain't it sad?" 
               "*.com"

Show viruses from discovered during that infect .

Main Page