FoneSex Virus

Virus Name: FoneSex Aliases: V Status: Viron Discovered: January, 1993 Symptoms: .COM & .EXE programs overwritten; program corruption; messages; attempts to dial modem Origin: Unknown Eff Length: 688 Bytes OW Type Code: ONA - Overwriting Non-Resident .COM & .EXE Infector Detection Method: ViruScan, F-Prot, AVTK, Sweep, IBMAV, NAV, NAVDX, VAlert, PCScan, ChAV, NShld, Sweep/N, NAV/N, AVTK/N, IBMAV/N, Innoc, LProt Removal Instructions: Delete infected files General Comments: The FoneSex virus was submitted in January, 1993. Its origin or point of isolation is unknown. FoneSex is a non-resident, direct action overwriting virus which infects .COM and .EXE programs. When a program infected with the FoneSex virus is executed, the FoneSex virus will infect all of the .COM and .EXE programs located in the current directory. Infected programs will not increase in size unless they were originally smaller than 688 bytes in length, in which case they will become 688 bytes in length. The program's date and time in the DOS disk directory listing will not be altered. Once the virus has completed infecting all of the .COM and .EXE programs in the current directory, it will display one of the following messages and return the user to the DOS prompt: "Out of Memory" "Program too big to fit in memory" The FoneSex virus contains the following unencrypted text strings within its viral code: "*.* *.exe \ \dos *.com d" "Out of Memory" "9034600" "4545388" "2888100" "6809100" "9038181" "4540759" "8840758" "8965581" "6804900" "4075240" "9038700" "7868482" The above seven digit numeric text strings are interpretted as phone numbers by the virus, and the virus may occassionally attempt to send a dialing command sequence to the system COM ports in order to activate a modem.