Fichv-896 Virus
Virus Name: Fichv-896
Aliases: Fich
V Status: Rare
Discovered: February, 1992
Symptoms: .COM file growth; TSR; overwrites hard disk
Origin: France
Eff Length: 896 Bytes
Type Code: PRsCK - Parasitic Resident .COM Infector
Detection Method: AVTK, ViruScan, Sweep, F-Prot, IBMAV, NAV, NAVDX,
VAlert, PCScan, ChAV, NShld, LProt, Sweep/N, Innoc, NProt, AVTK/N,
NAV/N, IBMAV/N
Removal Instructions: Delete infected files
General Comments:
The Fichv-896 virus was isolated in France in February, 1992, by
Eric Richet. Fichv-896 is a memory resident infector of .COM
programs, including COMMAND.COM. It is based on the Fich virus.
The first time a program infected with the Fichv-896 virus is
executed, the virus will install itself in memory as a low system
memory TSR of 1,200 bytes. The resident virus hooks interrupts 21,
24, and F8. If COMMAND.COM was not previously infected by the
virus, it will become infected at this time.
Once the Fichv-896 virus is memory resident, it will infect one
.COM program located in the current directory each time a program
is executed. Additionally, it will infect the program being
executed if it is a .COM program larger than approximately 2K in
size.
Programs infected with the Fichv-896 virus will have a file length
increase of 896 bytes. The virus will be located at the beginning
of the infected program. The file's date and time in the DOS disk
directory listing will not be altered. Fichv-896 is an encrypted
virus, and no text strings are visible within the viral code in
replicated samples.
Fichv-896 contains code to overwrite the system hard disk when it
activates.
See: Fich