Father Christmas Virus
Virus Name: Father Christmas
Aliases: Choinka
V Status: Rare
Discovered: November, 1990
Symptoms: .COM growth; lost clusters; cross-linking of files; graphic and
message displayed on activation
Origin: Poland
Eff Length: 1,881 Bytes
Type Code: PNCK - Parasitic Non-Resident .COM Infector
Detection Method: ViruScan, AVTK, F-Prot, Sweep, IBMAV, NAV, NAVDX, VAlert,
PCScan, ChAV, NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N, NAV/N, IBMAV/N
Removal Instructions: Delete infected files
General Comments:

The Father Christmas, or Choinka, virus was discovered in Poland in
November, 1990. This virus is based on the Vienna virus, and is a
non-resident infector of .COM files, including COMMAND.COM.

When a program infected with the Father Christmas virus is executed,
the virus will infect one other .COM file in the current directory.
If no uninfected .COM files exist in the current directory, the
virus will follow the system path to find an uninfected program.
Infected files will increase in length by 1,881 bytes, with the virus
being located at the end of the infected program.

Users of systems infected with the Father Christmas virus may notice
cross-linking of files and lost clusters.

During the period from December 19th-31st of any year, this virus
will activate. On these dates, when infected programs are executed,
a graphic of Christmas trees is displayed on the system monitor with
the following message:

    Merry Christmas
    &
    a Happy New Year
    for all my lovely friends
    from
    FATHER CHRISTMAS

If the graphic is displayed, the user must strike a key in order to
have the program being executed finish running.

Known variant(s) of Father Christmas are:

Father Christmas-B: Received in November, 1993, Father Christmas-B
is a minor variant of the Father Christmas virus
described above. It has been modified to avoid
detection by a particular anti-viral utility. It is
not in the public domain.
Origin: Unknown, November, 1993.
See: Vienna NTKC