Frajer-649 Virus

Virus Name: Frajer-649 Aliases: V Status: Rare Discovered: June, 1993 Symptoms: .COM file growth Origin: Poland Eff Length: 649 Bytes Type Code: PNCK - Parasitic Non-Resident .COM Infector Detection Method: F-Prot, IBMAV, AVTK, Sweep, ViruScan, NAV, NAVDX, VAlert, PCScan, ChAV, NShld, Sweep/N, AVTK/N, NProt, IBMAV/N, Innoc, NAV/N, LProt Removal Instructions: Delete infected files General Comments: The Frajer-649 virus was received in June, 1993, and is originally from Poland. Frajer-649 is a non-resident, direct action infector of .COM programs, including COMMAND.COM. It does not infect very small .COM files. When a program infected with the Frajer-649 virus is executed, this virus will infect all of the .COM programs located in the current directory which are larger than approximately 2K. Infected programs will have a file length increase of 649 bytes with the virus being located at the end of the program. The file's date and time in the DOS disk directory listing will not be altered. One text string is visible within the viral code in all Frajer-649 infected programs: "*.COM" It is unknown what Frajer-649 may do besides replicate. Known variant(s) of Frajer-649 are: Frajer.524: Received in March, 1994, this variant is a 524 byte memory resident version of the Frajer-649 virus described above. It installs itself memory resident in low available system memory, not reserving this area. Interrupt 21 will be hooked by the virus. Once the virus is memory resident, it will infect .COM files when they are executed. Infected .COM programs will have a file length increase of 524 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will have been updated to the current system date and time when infection occurred. No text strings are visible within the viral code. Origin: Unknown, March, 1994.